Yokogawa STARDOM Controllers (Update A)
Act Now | 9.8 | ICS-CERT ICSA-18-151-03 | May 31, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The Yokogawa STARDOM controller family contains multiple critical vulnerabilities: hardcoded credentials (CWE-798), insufficient credential protection (CWE-522), session fixation (CWE-384), and denial-of-service memory exhaustion (CWE-400). An attacker with network access can authenticate using hardcoded credentials and execute arbitrary code on affected controllers. The vulnerabilities affect FCN-100, FCN-500, FCN-RTU, and FCJ models running firmware versions R4.10 and prior (R4.02 and prior for some models). Successful exploitation could allow remote code execution, unauthorized access, or denial of service on control systems managing critical processes.
What this means
What could happen
An attacker with network access to a STARDOM controller could execute arbitrary commands on the device, potentially altering process setpoints, stopping operations, or causing a denial of service on critical infrastructure like power distribution or water treatment systems.
Who's at risk
Water utilities, municipal electric utilities, and other critical infrastructure operators running Yokogawa STARDOM distributed control systems (FCN-100, FCN-500, FCN-RTU, and FCJ models) should prioritize this issue. These controllers are commonly used to manage and monitor processes in water treatment, power distribution, and HVAC systems.
How it could be exploited
An attacker on the network can send a specially crafted request to the STARDOM controller. The device has hardcoded credentials, no session protection, and inadequate credential encryption, allowing the attacker to authenticate and execute arbitrary code with high privileges.
Prerequisites
- Network access to the STARDOM controller (directly or via industrial network)
- Knowledge of hardcoded credentials (publicly documented or discoverable)
- Device running vulnerable firmware version (R4.10 or earlier for FCN-RTU/FCJ, R4.02 or earlier for FCN-100/FCN-500)
- Remotely exploitable
- No authentication required (hardcoded credentials)
- Low complexity exploitation
- No patch available for some versions (end-of-life models)
- Affects critical infrastructure control systems
- Default/hardcoded credentials
Exploitability
Moderate exploit probability (EPSS 6.5%)
Affected products (8)
8 with fix
Product | Affected Versions | Fix Status
STARDOM Controller FCN-RTU: (R4.10 and prior) | ≤ (R4.10) | R4.20 or later (partial fix for memory exhaustion only)
STARDOM Controller FCJ: (R4.10 and prior) | ≤ (R4.10) | R4.20 or later (partial fix for memory exhaustion only)
STARDOM Controller FCN-500: (R4.02 and prior) | ≤ (R4.02) | R4.20 or later (partial fix for memory exhaustion only)
STARDOM Controller FCN-100: (R4.02 and prior) | ≤ (R4.02) | R4.20 or later (partial fix for memory exhaustion only)
STARDOM Controller FCN-RTU: (R4.02 and prior) | ≤ (R4.02) | R4.20 or later (partial fix for memory exhaustion only)
STARDOM Controller FCJ: (R4.02 and prior) | ≤ (R4.02) | R4.20 or later (partial fix for memory exhaustion only)
STARDOM Controller FCN-500: (R4.10 and prior) | ≤ (R4.10) | R4.20 or later (partial fix for memory exhaustion only)
STARDOM Controller FCN-100: (R4.10 and prior) | ≤ (R4.10) | R4.20 or later (partial fix for memory exhaustion only)
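An added example (not part of the advisory or any vendor tooling): a small Python triage of an asset inventory against the version ranges listed in the affected-products table. The model names and revision thresholds come from this page; the host names, inventory rows and status labels are constructed for illustration.

```python
import re

# Models and range ceilings as listed in this advisory's affected-products table.
MODELS = {"FCN-RTU", "FCJ", "FCN-500", "FCN-100"}
LISTED_CEILINGS = [(4, 2), (4, 10)]   # "R4.02 and prior", "R4.10 and prior"
FIXED_FLOOR = (4, 20)                 # "R4.20 or later"

def parse_revision(text):
    """'R4.02' -> (4, 2). A two-digit minor is required so 'R4.2' is rejected
    instead of being guessed as R4.02 or R4.20."""
    m = re.fullmatch(r"R(\d+)\.(\d{2})", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised revision: {text!r}")
    return int(m.group(1)), int(m.group(2))

def triage(model, revision):
    """Return (status, matched_ranges) for one controller."""
    if model.strip().upper() not in MODELS:
        return ("not-listed", [])
    try:
        rev = parse_revision(revision)
    except ValueError:
        return ("check-manually", [])
    if rev >= FIXED_FLOOR:
        # The page marks R4.20 as a partial fix, so network filtering still applies.
        return ("fixed-release", [])
    matched = [f"R{a}.{b:02d} and prior" for a, b in LISTED_CEILINGS if rev <= (a, b)]
    # Revisions above every listed range but below R4.20 are not classified by the page.
    return ("affected", matched) if matched else ("below-fix-unlisted", [])

# Constructed inventory rows (host names and revisions are made up).
INVENTORY = [
    ("pump-stn-01", "FCN-RTU", "R4.01"),
    ("plant-a-fcn", "FCN-500", "R4.10"),
    ("plant-b-fcj", "FCJ", "R4.15"),
    ("substation-3", "FCN-100", "R4.20"),
    ("legacy-rtu", "FCN-RTU", "R4.2"),
]

def report(inventory=INVENTORY):
    """Map each host to its triage result."""
    return {host: triage(model, rev) for host, model, rev in inventory}

if __name__ == "__main__":
    for host, (status, ranges) in report().items():
        print(f"{host:14} {status:20} {', '.join(ranges)}")
```

Controllers reported as "below-fix-unlisted" or "check-manually" fall outside the ranges this page lists and need their revision confirmed before being treated as unaffected.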
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to STARDOM controllers using packet filtering rules on the controller itself (FCN packet filter function) and edge firewalls to allow only trusted engineering workstations and automation servers
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade STARDOM FCN/FCJ controller firmware to Version R4.20 or later
Long-term hardening
HARDENING: Implement network encryption and monitoring to prevent unauthorized capture of communication data between STARDOM devices and connected systems
HARDENING: Place STARDOM controllers and associated control networks behind firewalls and isolate them from business networks and Internet-facing infrastructure