Products
FAST/TOOLS
- R9.01
- R10.04
CI Server
- R1.01.00
- R1.03.00
Source
7168b535-132a-4efe-a076-338f829b2eb9
Tags
CVE-2024-4106 details
Last Modified : June 26, 2024, 12:44 p.m.
Description
A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server R1.01.00 to R1.03.00
CVSS Score
1 | 2 | 3 | 4 | 5.3 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-258 | Empty Password in Configuration File | Using an empty string as a password is insecure. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.3
Exploitability Score
3.9
Impact Score
1.4
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
URL | Source |
---|---|
https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf | 7168b535-132a-4efe-a076-338f829b2eb9 |