CVE-2024-4106
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server R1.01.00 to R1.03.00
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS | R9.01 <= R10.04 | affected |
| Yokogawa Electric Corporation | CI Server | R1.01.00 <= R1.03.00 | affected |
Weaknesses
- CWE-258: CWE-258 Empty Password in Configuration File
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.