CVE-2022-30997

7.2 HIGH

📋 TL;DR

This vulnerability is a hard-coded credential (CWE-798) in the firmware of Yokogawa STARDOM FCN and FCJ controllers, R4.10 through R4.31 inclusive. An attacker who can reach a controller's administrative interface and knows the credential can read or change configuration settings or install tampered firmware. Because the credential is baked into the firmware, operators cannot change or rotate it; removing it requires the vendor's firmware update.

💻 Affected Systems

Products:
  • STARDOM FCN Controller
  • STARDOM FCJ Controller
Versions: R4.10 to R4.31
Operating Systems: Controller firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within affected version range are vulnerable due to hard-coded credentials.

📦 What is this software?

STARDOM is Yokogawa's network-based control system for small and medium-scale process and SCADA applications (oil and gas, water, pipelines and similar remote sites). FCN (Field Control Node) and FCJ (Field Control Junction) are its autonomous controllers: they run the control application and expose a maintenance/administrative interface over the network, which is where the hard-coded credential applies.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the controller through a tampered firmware image, leading to loss of view or control of the process, safety incidents, or physical damage.

🟠 Likely Case

Unauthorized configuration changes leading to operational disruption, exposure of process data, or a foothold for further attacks against the control network.

🟢 If Mitigated

Limited impact if network segmentation and access controls prevent attackers from reaching the controllers' administrative interfaces.

🌐 Internet-Facing: HIGH if a controller's administrative interface is directly reachable from the internet, since anyone who knows the hard-coded credential can use it remotely.
🏢 Internal Only: MEDIUM to HIGH depending on how well the control network is segmented from the corporate network, since an attacker with a foothold on any network that can reach the controllers can use the credential.

🎯 Exploit Status

Public PoC: No
Weaponized: Unknown
Unauthenticated Exploit: No
Complexity: LOW

Exploitation requires reaching the controller's administrative interface and knowing the hard-coded credential; once both are in hand there is nothing further to bypass. Because the credential is baked into the firmware, operators cannot change or rotate it, and the only way to remove it is the vendor firmware update.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: R4.32 or later

Vendor Advisory: https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf

Restart Required: Yes

Instructions:

1. Download firmware R4.32 or later from Yokogawa support.
2. Back up the current controller configuration and control application.
3. Apply the firmware update following the vendor's procedure. The controller restarts, so schedule this in a maintenance window with the process in a safe state.
4. Verify that the reported version is R4.32 or later and restore the configuration if needed.

🔧 Temporary Workarounds

Network segmentation (all affected versions)

Isolate controllers from untrusted networks and permit administrative access only from designated engineering stations or jump hosts.

Access control hardening (all affected versions)

Implement strict firewall rules around the controllers' administrative interfaces, and enforce multi-factor authentication on the jump hosts or VPN through which those interfaces are reached. These workarounds limit who can reach the interface; they do not change the hard-coded credential.

🧯 If You Can't Patch

  • Implement network segmentation to isolate controllers from untrusted networks.
  • Monitor for unauthorized access attempts and configuration changes.

🔍 How to Verify

Check if Vulnerable:

Check the controller firmware version via the web interface or CLI. If the version is R4.10 through R4.31 inclusive, the controller is vulnerable.

Check Version:

Check via controller web interface or vendor-specific CLI commands (varies by model).

Verify Fix Applied:

Verify that the firmware version reported by the controller is R4.32 or later after applying the update; do not rely on the update tool's success message alone.
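The version check above is easy to get wrong when done by string comparison ("R4.9" sorts after "R4.31" lexically). The following added example, which is not part of this page or of Yokogawa's tooling, parses STARDOM-style release strings numerically and triages an inventory against the affected range stated in the advisory (R4.10 through R4.31, fixed in R4.32). The inventory rows, hostnames and the "FCN"/"FCJ" product labels are constructed for illustration; how you collect versions from the controllers is out of scope here.

```python
import re

# Affected range from the advisory: R4.10 through R4.31 inclusive; fixed in R4.32.
AFFECTED_MIN = (4, 10)
AFFECTED_MAX = (4, 31)
FIXED_MIN = (4, 32)

# Release strings of the form R<major>.<minor>; components are compared numerically.
_VERSION_RE = re.compile(r"^R(\d+)\.(\d+)$")

# Constructed sample inventory (hostname, product, reported firmware version); not real data.
SAMPLE_INVENTORY = [
    ("fcn-line1", "FCN", "R4.20"),
    ("fcj-tank2", "FCJ", "R4.31"),
    ("fcn-line3", "FCN", "R4.32"),
    ("fcn-old",   "FCN", "R4.02"),
    ("fcj-bad",   "FCJ", "4.31-beta"),
    ("plc-other", "OtherPLC", "1.0"),
]


def parse_version(text):
    """Parse 'R4.31' into (4, 31). Raises ValueError on anything else so that
    malformed inventory data is surfaced instead of silently treated as safe."""
    m = _VERSION_RE.match(text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2))


def is_affected(version):
    """True if the version lies inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def is_fixed(version):
    """True if the version is the fixed release or later."""
    return parse_version(version) >= FIXED_MIN


def triage(inventory):
    """Sort an inventory of (host, product, version) into buckets.

    Only FCN/FCJ rows are in scope. Versions below R4.10 are not listed as
    affected by the advisory but are reported separately so they can be
    confirmed with the vendor rather than assumed safe.
    """
    result = {"vulnerable": [], "fixed": [], "out_of_range": [], "unknown": []}
    for host, product, version in inventory:
        if product not in ("FCN", "FCJ"):
            continue
        try:
            if is_affected(version):
                result["vulnerable"].append(host)
            elif is_fixed(version):
                result["fixed"].append(host)
            else:
                result["out_of_range"].append(host)
        except ValueError:
            result["unknown"].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Anything that lands in the "unknown" bucket (a version string the parser does not recognise) should be checked by hand rather than dropped, since a controller whose version could not be read is exactly the one most likely to have been forgotten.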

📡 Detection & Monitoring

Log Indicators:

  • Login attempts against the administrative interface from hosts other than the designated engineering stations, including successful ones. A login with the hard-coded credential looks like a normal administrative login, so the source, the time of day and the follow-on actions are the useful signals, not the credential itself.
  • Unexpected configuration changes
  • Firmware update events outside scheduled maintenance windows

Network Indicators:

  • Administrative sessions to controllers from unexpected sources or at unusual times
  • Traffic to the controllers' administrative ports from hosts that are not engineering stations or jump hosts

SIEM Query:

source="controller_logs" AND (event_type="login_failure" OR event_type="config_change" OR event_type="firmware_update")
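The query above selects every login failure, configuration change and firmware update, which on a busy site is noisy and, more importantly, cannot distinguish an engineer's change from an attacker using the hard-coded credential: both produce the same event types. The following added example, not taken from this page or from any Yokogawa product, shows the triage logic a practitioner would layer on top of that query. It runs over constructed sample log lines in an assumed "timestamp host event src=IP user=NAME" format (STARDOM controllers do not necessarily log in this form) and raises alerts on three conditions: a burst of login failures from one source, any successful administrative login from outside an allowlist of engineering stations, and any configuration or firmware change from a non-allowlisted source.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format, not the real STARDOM log format):
# "<ISO timestamp> <controller> <event_type> src=<ip> user=<name>"
SAMPLE_LOGS = """\
2024-03-01T08:00:00 fcn-line1 login_success src=10.10.5.20 user=engineer
2024-03-01T08:05:10 fcn-line1 config_change src=10.10.5.20 user=engineer
2024-03-01T22:14:01 fcn-line1 login_failure src=10.10.9.77 user=admin
2024-03-01T22:14:03 fcn-line1 login_failure src=10.10.9.77 user=admin
2024-03-01T22:14:05 fcn-line1 login_failure src=10.10.9.77 user=admin
2024-03-01T22:14:20 fcn-line1 login_success src=10.10.9.77 user=admin
2024-03-01T22:16:00 fcn-line1 firmware_update src=10.10.9.77 user=admin
2024-03-01T22:30:00 fcj-tank2 login_failure src=10.10.5.20 user=engineer
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+) src=(?P<src>\S+) user=(?P<user>\S+)$"
)

# The event types the SIEM query on this page selects.
QUERY_EVENTS = {"login_failure", "config_change", "firmware_update"}


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def select_events(log_text):
    """Equivalent of the page's SIEM query: every event of an interesting type."""
    events = (parse_line(l) for l in log_text.splitlines())
    return [e for e in events if e is not None and e["event"] in QUERY_EVENTS]


def analyse(log_text, allowed_sources, fail_threshold=3, window=timedelta(minutes=5)):
    """Return a list of (alert_name, host, src, timestamp) tuples, in log order.

    allowed_sources: set of IPs of the designated engineering stations / jump hosts.
    """
    alerts = []
    failures = defaultdict(list)  # (host, src) -> recent failure timestamps
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        host, src, event, ts = ev["host"], ev["src"], ev["event"], ev["ts"]

        # Rule 1: a successful admin login from outside the allowlist. With a
        # hard-coded credential this is the only trace a successful use leaves.
        if event == "login_success" and src not in allowed_sources:
            alerts.append(("unexpected_admin_source", host, src, ts))

        # Rule 2: configuration or firmware changes from a non-allowlisted host.
        if event in ("config_change", "firmware_update") and src not in allowed_sources:
            alerts.append(("unauthorized_" + event, host, src, ts))

        # Rule 3: sliding-window burst of login failures from one source.
        if event == "login_failure":
            recent = failures[(host, src)]
            recent.append(ts)
            while recent and ts - recent[0] > window:
                recent.pop(0)
            if len(recent) >= fail_threshold:
                alerts.append(("login_failure_burst", host, src, ts))
                recent.clear()  # one alert per burst, not one per extra failure
    return alerts


if __name__ == "__main__":
    print(f"{len(select_events(SAMPLE_LOGS))} events match the raw query")
    for name, host, src, ts in analyse(SAMPLE_LOGS, allowed_sources={"10.10.5.20"}):
        print(f"{ts.isoformat()} {host} {name} from {src}")
```

On the sample data the raw query returns six events, including the engineer's routine change; the triage rules reduce that to the three that describe the attack sequence (failed guesses, a successful login from an unexpected host, then a firmware update from that host). The allowlist is the part worth maintaining carefully: it is what turns "an administrative login happened" into "an administrative login happened from somewhere it should not have".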
