October 11, 2018

The NCCIC has updated this advisory with additional details on the vulnerability and the risk it poses, technical details about the affected products, and mitigation measures. NCCIC/ICS-CERT.

May 31, 2018

The NCCIC has released an advisory on a hard-coded credentials vulnerability in Yokogawa STARDOM Controller products. Numerous products and versions are affected. Successful exploitation of this vulnerability could allow an attacker to gain access to the affected device, which could result in remote code execution. Yokogawa has recommended users upgrade the FCN/FCJ software to Version R4.10 or later and reports that the vulnerability is remediated in that version. Yokogawa strongly suggests all users introduce appropriate security measures not only for the vulnerability identified but also to the overall system. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.