Full Report
Hardcoded credentials have been identified in Yokogawa STARDOM controllers, potentially leading to remote execution of arbitrary code on affected devices
Analysis Summary
The summary below is constructed from the single fact the excerpt gives (hardcoded credentials leading to RCE) and the required advisory structure. *Note: the provided article excerpt is very brief and lacks specific CVE IDs, CVSS scores, detailed affected versions, and explicit patch numbers. Placeholders mark each missing value, as is usual when summarizing an initial disclosure before detailed public assignment.*
# Vulnerability: Hardcoded Credentials in Yokogawa STARDOM Controllers Leading to Remote Code Execution
## CVE Details
- CVE ID: [Specific CVE ID typically assigned by vendor/NIST - Missing in context]
- CVSS Score: [Score typically associated with RCE via hardcoded credentials - Likely High/Critical] ([Severity - Likely Critical])
- CWE: CWE-798 (Use of Hard-coded Credentials)
## Affected Systems
- Products: Yokogawa STARDOM controllers (Specific model numbers pending full advisory)
- Versions: [Specific vulnerable versions - Missing in context]
- Configurations: Devices using default or unchanged hardcoded credentials.
## Vulnerability Description
The vulnerability stems from hardcoded administrative credentials embedded in the firmware of affected Yokogawa STARDOM controllers. An attacker who can reach a device over the network can authenticate with these static credentials, which can lead to escalation of privileges and execution of arbitrary code on the controller.
## Exploitation
- Status: [PoC available - Highly likely for hardcoded credentials, but not confirmed in provided text]
- Complexity: [Low - the attacker authenticates with the known static credentials; no bypass technique is required]
- Attack Vector: Network
## Impact
- Confidentiality: High (Potential access to sensitive process data)
- Integrity: High (Ability to manipulate control logic)
- Availability: High (Potential for device shutdown or denial of service via RCE)
## Remediation
### Patches
- [Specific patch version provided by Yokogawa addressing firmware/credential removal - Missing in context]
- **Action**: Users must check the official Yokogawa security advisories for the specific patch release for their controller model.
### Workarounds
- Strong network segmentation and access control lists (ACLs) to restrict access to the STARDOM controllers from untrusted networks.
- Disabling unused services on the controllers, reducing the interfaces through which authentication with the hardcoded credentials could be attempted.
## Detection
- Indicators of compromise: network traffic attempting authentication against the STARDOM controllers with known default credentials.
- Detection methods and tools: network intrusion detection systems (NIDS) monitoring failed and successful logins to ICS management interfaces that use default credentials.
## References
- Vendor advisories: Yokogawa Security Advisory [Date of initial report/disclosure]
- Relevant links (defanged): ics-cert.kaspersky.com/publications/blog/