Yokogawa STARDOM

Monitor6.3ICS-CERT ICSA-22-174-01Jun 23, 2022

Attack VectorAdjacent

Auth RequiredHigh

ComplexityHigh

User InteractionRequired

Summary

Yokogawa STARDOM FCN/FCJ controllers (firmware R1.01 through R4.31) contain vulnerabilities related to unencrypted data transmission (CWE-319) and hardcoded credentials (CWE-798). These allow attackers to intercept configuration data and credentials, then modify device settings or firmware. No public exploits currently exist, and the attack requires high privileges, network access to the device, and manual user interaction, making exploitation complex. Yokogawa has not released a patch and recommends network-level mitigations instead.

What this means

What could happen

An attacker with network access to a Yokogawa STARDOM FCN/FCJ controller could alter device configuration settings or modify device firmware, potentially disrupting process control or causing unsafe equipment operations.

Who's at risk

Water utilities and municipal electric providers operating Yokogawa STARDOM FCN/FCJ controllers (firmware versions R1.01 through R4.31) for process automation, data collection, and equipment monitoring are affected. Engineering teams responsible for setting device configurations are the primary targets.

How it could be exploited

An attacker on the same network segment as the STARDOM controller could capture unencrypted network traffic to intercept credentials or configuration data, then send crafted requests to alter device settings or firmware. The attack requires high privileges and manual interaction, which limits real-world exploitation likelihood.

Prerequisites

Network access to the STARDOM FCN/FCJ controller (same network segment or direct connection)
High-level privileges on the device or engineering workstation
Ability to capture or intercept network traffic (unencrypted channel vulnerability)
Manual user interaction to complete the attack

No patch available from vendorRemotely exploitable from network segmentHigh attack complexity limits real-world riskLow EPSS score (0.7%) indicates minimal current exploit activityUnencrypted credential and configuration data transmission

Exploitability

Low exploit probability (EPSS 0.7%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

STARDOM FCN/FCJ:≥ R1.01 | ≤ R4.31No fix (EOL)

STARDOM FCN/FCJ:≥ R1.01 | ≤ R4.31 (Only affected by CVE-222-30997)No fix (EOL)

Remediation & Mitigation

0/6

Do now

0/1

WORKAROUNDEnable packet filtering on the STARDOM FCN/FCJ controller to restrict connections to only trusted hosts (engineering workstations, monitoring systems)

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact Yokogawa to discuss upgrade or remediation options for individual systems, as no public patch is currently available

Mitigations - no patch available

0/4

The following products have reached End of Life with no planned fix: STARDOM FCN/FCJ:, STARDOM FCN/FCJ:. Apply the following compensating controls:

HARDENINGImplement network segmentation to isolate STARDOM controllers from the business network and the Internet

HARDENINGEncrypt network traffic to the STARDOM controller to prevent credential and configuration interception

HARDENINGDeploy a firewall between control system networks and other networks to block unauthorized access

HARDENINGEstablish anti-virus, backup/recovery, network hardening, and whitelisting policies as part of an operational security program

CVEs (2)

CVE-2022-29519 CVE-2022-30997

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/27e8b589-4819-45d4-a5f3-cd5c0e2008c8