1. EXECUTIVE SUMMARY
- CVSS v3 5.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Yokogawa
- Equipment: STARDOM FCN/FCJ
- Vulnerability: Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a specially crafted packet.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Yokogawa STARDOM FCN/FCJ, a network control system, are affected:
- STARDOM FCN/FCJ: versions R1.01 through R4.31
3.2 VULNERABILITY OVERVIEW
3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400
This vulnerability may allow a remote attacker to cause a denial-of-service condition on the FCN/FCJ controller by sending a crafted packet. While the packet is being sent, the maintenance homepage of the controller cannot be accessed, so its functions (changing configuration, viewing logs, etc.) are unavailable. The controller's operation itself is not stopped by the condition.
CVE-2023-5915 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Multiple
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Japan
3.4 RESEARCHER
Roman Ezhov of Kaspersky reported this vulnerability to Yokogawa.
4. MITIGATIONS
Yokogawa has released the following mitigations for users to implemen
[…]