CVE-2024-4106

June 26, 2024, 12:44 p.m.

5.3
Medium

Description

A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server R1.01.00 to R1.03.00

Product(s) Impacted

Product Versions
FAST/TOOLS
  • ['R9.01', 'R10.04']
CI Server
  • ['R1.01.00', 'R1.03.00']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-258
Empty Password in Configuration File
Using an empty string as a password is insecure.

References

https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf

Tags

7168b535-132a-4efe-a076-338f829b2eb9
2024-06-26
CVE-2024-4106
CWE-258

CVSS Score

5.3 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    View Vector String

Timeline

Published: June 26, 2024, 6:15 a.m.
Last Modified: June 26, 2024, 12:44 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

7168b535-132a-4efe-a076-338f829b2eb9

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.