CVE-2022-29519

Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware.

CVSS v3 7.5 HIGH
CVSS v2.0 7.9 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.9^/10

CVSS v2.0 : HIGH

Vector : AV:A/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 5.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://jvn.jp/vu/JVNVU95452299/index.html	Mitigation Third Party Advisory VDB Entry
https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf	Mitigation Vendor Advisory
https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf	Mitigation Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01	Mitigation Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:yokogawa:stardom_fcj_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yokogawa:stardom_fcj:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:yokogawa:stardom_fcn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yokogawa:stardom_fcn:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-06-28 13:15

Updated : 2022-07-08 14:57

NVD link : CVE-2022-29519

Mitre link : CVE-2022-29519

CVE.ORG link : CVE-2022-29519

JSON object : View

Products Affected

yokogawa

stardom_fcj_firmware
stardom_fcj
stardom_fcn
stardom_fcn_firmware

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2022-29519", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.9, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2022-06-28T13:15:12.377", "references": [{"url": "https://jvn.jp/vu/JVNVU95452299/index.html", "tags": ["Mitigation", "Third Party Advisory", "VDB Entry"], "source": "vultures@jpcert.or.jp"}, {"url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf", "tags": ["Mitigation", "Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf", "tags": ["Mitigation", "Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de transmisi\u00f3n de texto sin cifrar de informaci\u00f3n confidencial en STARDOM FCN Controller y FCJ Controller versiones R1.01 a R4.31, que puede permitir a un atacante adyacente iniciar sesi\u00f3n en los productos afectados y alterar los ajustes de configuraci\u00f3n del dispositivo o manipular el firmware del mismo"}], "lastModified": "2022-07-08T14:57:14.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:stardom_fcj_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03BF3DA1-FA1C-4633-A665-EE5826650EC8", "versionEndIncluding": "r4.31", "versionStartIncluding": "r1.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:stardom_fcj:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "37EFAADB-EF41-4B63-A9C4-9A410682F47D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:stardom_fcn_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A08E6234-7D44-4C8D-9D5B-373A085D0716", "versionEndIncluding": "r4.31", "versionStartIncluding": "r1.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:stardom_fcn:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6051604E-7FAF-44D7-BDB6-7D2D71DFC416"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vultures@jpcert.or.jp"}