CVE-2024-4106
published 2024-06-26CVE-2024-4106: A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is…
PriorityP429medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.39%
31.1th percentile
A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product.
The affected products and versions are as follows:
FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
CI Server R1.01.00 to R1.03.00
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yokogawa_electric_corporation | ci_server | R1.01.00 – R1.03.00 | — |
| yokogawa_electric_corporation | fast_tools | R9.01 – R10.04 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Yokogawa FAST/TOOLS and CI Server
cisa_ics·2024-06-27·CVSS 5.8
[MEDIUM] Yokogawa FAST/TOOLS and CI Server
ICS Advisory
##
Yokogawa FAST/TOOLS and CI Server
Release DateJune 27, 2024
Alert CodeICSA-24-179-03
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 6.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Yokogawa
- Equipment: FAST/TOOLS and CI Server
- Vulnerabilities: Cross-site Scripting, Empty Password in Configuration File
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to launch a malicious script and take control of affected products.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Yokogawa FAST/TOOLS and CI Server, SCADA software environments, are affected:
- FAST/TOOLS RVSV
GHSA
GHSA-7wqc-7vpc-67h3: A vulnerability has been found in FAST/TOOLS and CI Server
ghsa_unreviewed·2024-06-26
CVE-2024-4106 [MEDIUM] CWE-258 GHSA-7wqc-7vpc-67h3: A vulnerability has been found in FAST/TOOLS and CI Server
A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product.
The affected products and versions are as follows:
FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
CI Server R1.01.00 to R1.03.00
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2024-36957 kernel: octeontx2-af: avoid off-by-one read from userspace
bugzilla·2024-06-03·CVSS 5.5
CVE-2024-36957 [MEDIUM] CVE-2024-36957 kernel: octeontx2-af: avoid off-by-one read from userspace
CVE-2024-36957 kernel: octeontx2-af: avoid off-by-one read from userspace
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: avoid off-by-one read from userspace
The Linux kernel CVE team has assigned CVE-2024-36957 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024053041-CVE-2024-36957-5919@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2284582]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:4106 https://access.redhat.com/errata/RHSA-2024:4106
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:4108 https://access.r
Bugzilla
CVE-2021-47400 kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly
bugzilla·2024-05-22·CVSS 5.5
CVE-2021-47400 [MEDIUM] CVE-2021-47400 kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly
CVE-2021-47400 kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: do not allow call hns3_nic_net_open repeatedly
The Linux kernel CVE team has assigned CVE-2021-47400 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024052149-CVE-2021-47400-394b@gregkh/T
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:4106 https://access.redhat.com/errata/RHSA-2024:4106
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:4108 https://access.redhat.com/errata/RHSA-2024:4108
---
This issue has been addressed in t
Bugzilla
CVE-2024-35958 kernel: net: ena: Fix incorrect descriptor free behavior
bugzilla·2024-05-20·CVSS 5.5
CVE-2024-35958 [MEDIUM] CVE-2024-35958 kernel: net: ena: Fix incorrect descriptor free behavior
CVE-2024-35958 kernel: net: ena: Fix incorrect descriptor free behavior
In the Linux kernel, the following vulnerability has been resolved:
net: ena: Fix incorrect descriptor free behavior
The Linux kernel CVE team has assigned CVE-2024-35958 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024052019-CVE-2024-35958-18a7@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2281926]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:4106 https://access.redhat.com/errata/RHSA-2024:4106
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:4108 https://access.redha
Bugzilla
CVE-2024-35960 kernel: net/mlx5: Properly link new fs rules into the tree
bugzilla·2024-05-20·CVSS 9.1
CVE-2024-35960 [CRITICAL] CVE-2024-35960 kernel: net/mlx5: Properly link new fs rules into the tree
CVE-2024-35960 kernel: net/mlx5: Properly link new fs rules into the tree
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Properly link new fs rules into the tree
The Linux kernel CVE team has assigned CVE-2024-35960 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024052020-CVE-2024-35960-2eaa@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2281921]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:4106 https://access.redhat.com/errata/RHSA-2024:4106
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2024:4108 https://access.r
2024-06-26
Published