CVE-2018-17898 : Security Advisory and Response

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500 are affected by uncontrolled memory allocation vulnerability up to version R4.10, potentially leading to system instability.

Understanding CVE-2018-17898

This CVE involves uncontrolled memory allocation in Yokogawa STARDOM Controllers, posing a risk of system instability.

What is CVE-2018-17898?

This vulnerability allows unauthorized users to exploit the controller application, causing uncontrolled memory allocation and potential system instability.

The Impact of CVE-2018-17898

Unauthorized users can exploit this vulnerability, leading to system instability and potential disruption of controller operations.

Technical Details of CVE-2018-17898

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500 are susceptible to uncontrolled memory allocation.

Vulnerability Description

The controller application fails to prevent memory exhaustion by unauthorized requests, allowing attackers to destabilize the controller.

Affected Systems and Versions

Product: STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500
Vendor: Yokogawa
Versions: All versions up to R4.10

Exploitation Mechanism

Unauthorized users can exploit this vulnerability to cause uncontrolled memory allocation, potentially leading to system instability.

Mitigation and Prevention

Immediate Steps to Take:

Apply vendor-provided patches or updates promptly.
Implement network segmentation to restrict access to vulnerable systems.
Monitor network traffic for any suspicious activity. Long-Term Security Practices:
Regularly update and patch all systems and software.
Conduct security training for employees to recognize and report potential security threats.
Implement strong access controls and authentication mechanisms.
Perform regular security audits and assessments.

Patching and Updates

Ensure all Yokogawa STARDOM Controllers are updated to versions beyond R4.10 to mitigate the uncontrolled memory allocation vulnerability.