Web HMI Server Vulnerability Affects FAST/TOOLS Products
CVE-2024-4105

5.8MEDIUM

Key Information:

Vendor: Yokogawa Electric Corporation
Status: Fast/tools; Ci Server
Vendor: CVE Published:; 26 June 2024

Summary

A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server R1.01.00 to R1.03.00

Affected Version(s)

CI Server R1.01.00

FAST/TOOLS R9.01

References

https://web-material3.yokogawa.com/1/36059/files/YSAR-24-...

vendor-advisory

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 26, 2024
Vulnerability Reserved
Apr 23, 2024