Uncontrolled Resource Consumption Vulnerability in STARDOM by Yokogawa Electric Corporation
CVE-2023-5915

5.3MEDIUM

Key Information:

Vendor: Yokogawa Electric Corporation
Status: STARDOM
Vendor: CVE Published:; 1 December 2023

Summary

A vulnerability has been discovered in the STARDOM FCN/FCJ controllers developed by Yokogawa Electric Corporation, enabling remote attackers to exploit uncontrolled resource consumption. By sending specially crafted packets, an attacker could trigger a denial-of-service condition, making the maintenance homepage of the controller inaccessible. This disrupts crucial functionalities such as configuration changes and log viewing, while the controller continues to operate normally. The vulnerability affects multiple versions of the STARDOM FCN/FCJ units, specifically from R1.01 to R4.31.

Affected Version(s)

STARDOM STARDOM FCN/FCJ R1.01 to R4.31

References

https://web-material3.yokogawa.com/1/35463/files/YSAR-23-...

https://www.cisa.gov/news-events/ics-advisories/icsa-23-3...

https://jvn.jp/vu/JVNVU95177889/index.html

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 1, 2023
Vulnerability Reserved
Nov 2, 2023