Yokogawa STARDOM Authentication Bypass Vulnerability CVE-2016-4860
Yokogawa and JPCERT/CCa authentication bypass vulnerability in the Yokogawa STARDOM controller. An attacker may be able to exploit this vulnerability to execute commands such as stop application program, change values, and modify application.
Yokogawa reports that the vulnerability affects the following products:
- STARDOM FCN/FCJ controller (from Version R1.01 to R4.01).
AUTHENTICATION BYPASS ISSUES
Logic Designer can connect to STARDOM controller without authentication.
Yokogawa has remediated the vulnerability with the latest release R4.02. The following link leads to Yokogawa’s STARDOM web site: