OTPulse

Yokogawa STARDOM Authentication Bypass Vulnerability

Monitor · 7.3 · ICS-CERT ICSA-16-259-01 · Jun 19, 2016
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The STARDOM FCN/FCJ controller contains an authentication bypass vulnerability that allows an attacker to gain unauthorized access to the device without providing valid credentials. The vulnerability affects firmware versions R1.01 through R4.00. Once an attacker gains access, they can read and modify device configuration, control parameters, and operational setpoints. The vulnerability is remotely exploitable over the network with minimal complexity.

What this means
What could happen
An attacker with network access to a STARDOM FCN/FCJ controller could bypass authentication and gain unauthorized access to device configuration and control functions, potentially allowing modification of process parameters or disruption of critical operations.
Who's at risk
This vulnerability affects facilities that rely on Yokogawa STARDOM FCN/FCJ controllers for process automation and monitoring—primarily power generation, water treatment, oil and gas production, chemical processing, and district heating/cooling systems. Any organization running these controllers in versions R1.01 through R4.00 is at risk.
How it could be exploited
An attacker sends a specially crafted request over the network to the STARDOM controller that circumvents the authentication mechanism. Once the check is bypassed, the attacker can interact with the device's management interface to read or modify operational settings and control commands.
Prerequisites
  • Network connectivity to the STARDOM FCN/FCJ controller on its management port (typically port 8000 or 8443)
  • No valid credentials required—the authentication bypass allows unauthenticated access
Remotely exploitable over the network · No authentication required · Low complexity attack · No patch available from vendor · Affects industrial control systems
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product: STARDOM FCN/FCJ controller: >=R1.01|<R4.01
Affected Versions: ≥ R1.01|<R4.01
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to STARDOM controllers using firewall rules; allow only authorized engineering workstations and operator consoles on the management VLAN
WORKAROUND: Review and document all access logs for STARDOM controllers to detect any prior unauthorized access
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Implement network monitoring and alerting for unauthorized access attempts to STARDOM management ports
Mitigations - no patch available
STARDOM FCN/FCJ controller (>=R1.01|<R4.01) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Segment STARDOM controllers onto a dedicated control network isolated from corporate IT and the internet
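
One way to implement the log review and management-port monitoring items above, as an added example that is not part of the original advisory: a Python check over firewall flow records that flags any source outside an allowlist reaching a controller on ports 8000 or 8443. The controller addresses, allowlisted subnet, log format and sample records are assumptions constructed for illustration.

```python
"""Added example: flag non-allowlisted access to STARDOM management ports."""
import ipaddress
from collections import Counter

# Ports the advisory names as typical management ports.
MGMT_PORTS = {8000, 8443}

# Assumptions (constructed for this example): controller addresses and the
# engineering-workstation / operator-console subnet allowed to reach them.
CONTROLLERS = {ipaddress.ip_address("10.20.0.11"), ipaddress.ip_address("10.20.0.12")}
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.5.0/28")]

# Constructed flow records: "timestamp src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
2024-03-01T02:14:07Z 10.20.5.4 10.20.0.11 8443 ACCEPT
2024-03-01T02:15:31Z 10.40.8.77 10.20.0.11 8000 ACCEPT
2024-03-01T02:15:32Z 10.40.8.77 10.20.0.12 8000 DROP
2024-03-01T02:16:00Z 10.40.8.77 10.20.0.11 502 ACCEPT
2024-03-01T02:17:45Z 192.0.2.10 10.20.0.12 8443 ACCEPT
malformed line
"""

def find_unauthorized(flow_text):
    """Return (alerts, per-source counts) for non-allowlisted management access."""
    alerts = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records rather than abort the review
        ts, src, dst, port, action = parts
        try:
            src_ip, dst_ip, dport = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue  # unparsable address or port
        if dst_ip not in CONTROLLERS or dport not in MGMT_PORTS:
            continue  # not a controller management port
        if any(src_ip in net for net in ALLOWED_SOURCES):
            continue  # authorized workstation or console
        # ACCEPT means the firewall let the connection through: review first.
        severity = "critical" if action == "ACCEPT" else "warning"
        alerts.append({"time": ts, "src": src, "dst": dst, "port": dport, "severity": severity})
    return alerts, Counter(a["src"] for a in alerts)

if __name__ == "__main__":
    alerts, by_src = find_unauthorized(SAMPLE_FLOWS)
    for a in alerts:
        print(f'{a["severity"].upper():8} {a["time"]} {a["src"]} -> {a["dst"]}:{a["port"]}')
    print(dict(by_src))
```

A "critical" result also indicates a gap in the firewall rules, since the connection was permitted from outside the allowlist.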