CVE-2022-29519
First published: Tue Jun 28 2022(Updated: )
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yokogawa Stardom Fcj Firmware | >=r1.01<=r4.31 | |
| Yokogawa Stardom Fcj | ||
| Yokogawa Stardom Fcn Firmware | >=r1.01<=r4.31 | |
| Yokogawa Stardom Fcn | ||
| Yokogawa STARDOM FCN/FCJ: Versions R1.01 through R4.31 | ||
| Yokogawa STARDOM FCN/FCJ: Versions R4.10 through R4.31, dual CPU modules only; only affected by CVE-2022-30997 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://jvn.jp/vu/JVNVU95452299/index.html
- https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf
- https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-174-01 (Advisory)
Frequently Asked Questions
What is CVE-2022-29519?
CVE-2022-29519 is a vulnerability that allows an adjacent attacker to login to STARDOM FCN Controller and FCJ Controller R1.01 to R4.31 and alter device configuration settings or tamper with device firmware by exploiting the cleartext transmission of sensitive information.
How does CVE-2022-29519 impact Yokogawa Stardom FCN Controller and FCJ Controller?
CVE-2022-29519 can be exploited by an adjacent attacker to login to the affected products and modify device configurations or tamper with device firmware.
What is the severity rating of CVE-2022-29519?
CVE-2022-29519 has a severity rating of 7.5 (high).
How can I check if I am affected by CVE-2022-29519?
You may be affected by CVE-2022-29519 if you are using STARDOM FCN Controller and FCJ Controller versions R1.01 to R4.31.
Is Yokogawa Stardom Fcn and Fcj affected by CVE-2022-29519?
Yes, Yokogawa Stardom Fcn and Fcj are affected by CVE-2022-29519 if they are running the vulnerable firmware versions R1.01 to R4.31.
- collector/nvd-index
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/first-publish-date
- agent/trending
- vendor/yokogawa
- canonical/yokogawa stardom fcj firmware
- version/yokogawa stardom fcj firmware/r1.01
- version/yokogawa stardom fcj firmware/r4.31
- canonical/yokogawa stardom fcj
- canonical/yokogawa stardom fcn firmware
- version/yokogawa stardom fcn firmware/r1.01
- version/yokogawa stardom fcn firmware/r4.31
- canonical/yokogawa stardom fcn
- canonical/yokogawa stardom fcn/fcj: versions r1.01 through r4.31
- canonical/yokogawa stardom fcn/fcj: versions r4.10 through r4.31, dual cpu modules only; only affected by cve-2022-30997