CVE-2024-4106

Summary

A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server R1.01.00 to R1.03.00

Affected Software

VendorProductVersion RangeStatus
Yokogawa Electric CorporationFAST/TOOLSR9.01 <= R10.04affected
Yokogawa Electric CorporationCI ServerR1.01.00 <= R1.03.00affected

Weaknesses

  • CWE-258: CWE-258 Empty Password in Configuration File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References