CVE-2016-4860 — HIGH (7.3) — White Hats Nepal

Vulnerability Description

Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify application command.

CVSS Score

7.3

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Yokogawa	Stardom Fcn\/Fcj	r1.01

Related Weaknesses (CWE)

CWE-287

References

http://www.securityfocus.com/bid/92981
https://ics-cert.us-cert.gov/advisories/ICSA-16-259-01Third Party AdvisoryUS Government Resource
https://web-material3.yokogawa.com/YSAR-16-0002-E.pdfVendor Advisory
http://www.securityfocus.com/bid/92981
https://ics-cert.us-cert.gov/advisories/ICSA-16-259-01Third Party AdvisoryUS Government Resource
https://web-material3.yokogawa.com/YSAR-16-0002-E.pdfVendor Advisory

FAQ

What is CVE-2016-4860?

CVE-2016-4860 is a vulnerability with a CVSS score of 7.3 (HIGH). Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of ser...

How severe is CVE-2016-4860?

CVE-2016-4860 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4860?

Check the references section above for vendor advisories and patch information. Affected products include: Yokogawa Stardom Fcn\/Fcj.