CVE-2024-4106
June 26, 2024, 12:44 p.m.
Tags
CVSS Score
Product(s) Impacted
FAST/TOOLS
- R9.01
- R10.04
CI Server
- R1.01.00
- R1.03.00
Description
A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server R1.01.00 to R1.03.00
Weaknesses
CWE-258
Empty Password in Configuration File
Using an empty string as a password is insecure.
CWE ID: 258Date
Published: June 26, 2024, 6:15 a.m.
Last Modified: June 26, 2024, 12:44 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
7168b535-132a-4efe-a076-338f829b2eb9
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
Exploitability Score
Impact Score
Base Severity
MEDIUMCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N