cvelistv5 - CVE-2024-4105

CVE-2024-4105 (GCVE-0-2024-4105)

Vulnerability from cvelistv5 – Published: 2024-06-26 05:25 – Updated: 2024-08-01 20:33

Summary

A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server R1.01.00 to R1.03.00

Severity ?

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Assigner

YokogawaGroup

References

URL

Tags

https://web-material3.yokogawa.com/1/36059/files/…

vendor-advisory

Impacted products

Vendor

Product

Version

Yokogawa Electric Corporation

FAST/TOOLS

Affected: R9.01 , ≤ R10.04 (custom)

Yokogawa Electric Corporation

CI Server

Affected: R1.01.00 , ≤ R1.03.00 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4105",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T17:29:58.387431Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T17:30:23.193Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:33:52.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "FAST/TOOLS",
          "vendor": "Yokogawa Electric Corporation",
          "versions": [
            {
              "lessThanOrEqual": "R10.04",
              "status": "affected",
              "version": "R9.01",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "CI Server",
          "vendor": "Yokogawa Electric Corporation",
          "versions": [
            {
              "lessThanOrEqual": "R1.03.00",
              "status": "affected",
              "version": "R1.01.00",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability has been found in FAST/TOOLS and CI Server. The affected product\u0027s WEB HMI server\u0027s function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.\u003cbr\u003eThe affected products and versions are as follows:\u003cbr\u003eFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\u003cbr\u003eCI Server R1.01.00 to R1.03.00"
            }
          ],
          "value": "A vulnerability has been found in FAST/TOOLS and CI Server. The affected product\u0027s WEB HMI server\u0027s function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.\nThe affected products and versions are as follows:\nFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\nCI Server R1.01.00 to R1.03.00"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-26T05:25:04.524Z",
        "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "shortName": "YokogawaGroup"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
    "assignerShortName": "YokogawaGroup",
    "cveId": "CVE-2024-4105",
    "datePublished": "2024-06-26T05:25:04.524Z",
    "dateReserved": "2024-04-23T23:06:00.203Z",
    "dateUpdated": "2024-08-01T20:33:52.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been found in FAST/TOOLS and CI Server. The affected product\u0027s WEB HMI server\u0027s function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.\\nThe affected products and versions are as follows:\\nFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\\nCI Server R1.01.00 to R1.03.00\"}, {\"lang\": \"es\", \"value\": \"Se ha encontrado una vulnerabilidad en FAST/TOOLS y CI Server. La funci\\u00f3n del servidor WEB HMI del producto afectado para procesar solicitudes HTTP tiene un fallo de seguridad (XSS Reflejado) que permite la ejecuci\\u00f3n de scripts maliciosos. Por lo tanto, si una PC cliente con medidas de seguridad inadecuadas accede a la URL de un producto que contiene una solicitud maliciosa, el script malicioso puede ejecutarse en la PC cliente. Los productos y versiones afectados son los siguientes: FAST/TOOLS (Paquetes: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 a R10.04 CI Server R1.01.00 a R1.03.00\"}]",
      "id": "CVE-2024-4105",
      "lastModified": "2024-11-21T09:42:12.100",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"7168b535-132a-4efe-a076-338f829b2eb9\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\", \"baseScore\": 5.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2024-06-26T06:15:15.500",
      "references": "[{\"url\": \"https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf\", \"source\": \"7168b535-132a-4efe-a076-338f829b2eb9\"}, {\"url\": \"https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "7168b535-132a-4efe-a076-338f829b2eb9",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"7168b535-132a-4efe-a076-338f829b2eb9\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-4105\",\"sourceIdentifier\":\"7168b535-132a-4efe-a076-338f829b2eb9\",\"published\":\"2024-06-26T06:15:15.500\",\"lastModified\":\"2024-11-21T09:42:12.100\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been found in FAST/TOOLS and CI Server. The affected product\u0027s WEB HMI server\u0027s function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.\\nThe affected products and versions are as follows:\\nFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\\nCI Server R1.01.00 to R1.03.00\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad en FAST/TOOLS y CI Server. La funci\u00f3n del servidor WEB HMI del producto afectado para procesar solicitudes HTTP tiene un fallo de seguridad (XSS Reflejado) que permite la ejecuci\u00f3n de scripts maliciosos. Por lo tanto, si una PC cliente con medidas de seguridad inadecuadas accede a la URL de un producto que contiene una solicitud maliciosa, el script malicioso puede ejecutarse en la PC cliente. Los productos y versiones afectados son los siguientes: FAST/TOOLS (Paquetes: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 a R10.04 CI Server R1.01.00 a R1.03.00\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"7168b535-132a-4efe-a076-338f829b2eb9\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"7168b535-132a-4efe-a076-338f829b2eb9\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf\",\"source\":\"7168b535-132a-4efe-a076-338f829b2eb9\"},{\"url\":\"https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:33:52.203Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-4105\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-26T17:29:58.387431Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-26T17:30:14.538Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Yokogawa Electric Corporation\", \"product\": \"FAST/TOOLS\", \"versions\": [{\"status\": \"affected\", \"version\": \"R9.01\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"R10.04\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Yokogawa Electric Corporation\", \"product\": \"CI Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"R1.01.00\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"R1.03.00\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been found in FAST/TOOLS and CI Server. The affected product\u0027s WEB HMI server\u0027s function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.\\nThe affected products and versions are as follows:\\nFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\\nCI Server R1.01.00 to R1.03.00\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A vulnerability has been found in FAST/TOOLS and CI Server. The affected product\u0027s WEB HMI server\u0027s function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.\u003cbr\u003eThe affected products and versions are as follows:\u003cbr\u003eFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\u003cbr\u003eCI Server R1.01.00 to R1.03.00\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"7168b535-132a-4efe-a076-338f829b2eb9\", \"shortName\": \"YokogawaGroup\", \"dateUpdated\": \"2024-06-26T05:25:04.524Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-4105\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T20:33:52.203Z\", \"dateReserved\": \"2024-04-23T23:06:00.203Z\", \"assignerOrgId\": \"7168b535-132a-4efe-a076-338f829b2eb9\", \"datePublished\": \"2024-06-26T05:25:04.524Z\", \"assignerShortName\": \"YokogawaGroup\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-WF34-93RM-QPCQ

Vulnerability from github – Published: 2024-06-26 06:30 – Updated: 2024-06-26 06:30

Details

Severity ?

5.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-4105"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-26T06:15:15Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in FAST/TOOLS and CI Server. The affected product\u0027s WEB HMI server\u0027s function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.\nThe affected products and versions are as follows:\nFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\nCI Server R1.01.00 to R1.03.00",
  "id": "GHSA-wf34-93rm-qpcq",
  "modified": "2024-06-26T06:30:29Z",
  "published": "2024-06-26T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4105"
    },
    {
      "type": "WEB",
      "url": "https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

ICSA-24-179-03

Vulnerability from csaf_cisa - Published: 2024-06-27 06:00 - Updated: 2024-06-27 06:00

Summary

Yokogawa FAST/TOOLS and CI Server

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow an attacker to launch a malicious script and take control of affected products.

Critical infrastructure sectors

Critical Manufacturing, Energy, Food and Agriculture

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Recommended Practices

Do not click web links or open attachments in unsolicited email messages.

Recommended Practices

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Recommended Practices

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

Recommended Practices

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Yokogawa",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to launch a malicious script and take control of affected products.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Energy, Food and Agriculture",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Do not click web links or open attachments in unsolicited email messages.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-179-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-179-03.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-24-179-03 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Yokogawa FAST/TOOLS and CI Server",
    "tracking": {
      "current_release_date": "2024-06-27T06:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-179-03",
      "initial_release_date": "2024-06-27T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-06-27T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=R9.01|\u003c=R10.04",
                "product": {
                  "name": "Yokogawa FAST/TOOLS  RVSVRN Package: \u003e=R9.01|\u003c=R10.04",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "FAST/TOOLS  RVSVRN Package"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=R9.01|\u003c=R10.04",
                "product": {
                  "name": "Yokogawa FAST/TOOLS  UNSVRN Package: \u003e=R9.01|\u003c=R10.04",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "FAST/TOOLS  UNSVRN Package"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=R9.01|\u003c=R10.04",
                "product": {
                  "name": "Yokogawa FAST/TOOLS  HMIWEB Package: \u003e=R9.01|\u003c=R10.04",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "FAST/TOOLS  HMIWEB Package"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=R9.01|\u003c=R10.04",
                "product": {
                  "name": "Yokogawa FAST/TOOLS  FTEES Package: \u003e=R9.01|\u003c=R10.04",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "FAST/TOOLS  FTEES Package"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=R9.01|\u003c=R10.04",
                "product": {
                  "name": "Yokogawa FAST/TOOLS  HMIMOB Package: \u003e=R9.01|\u003c=R10.04",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "FAST/TOOLS  HMIMOB Package"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=R1.01.00|\u003c=R1.03.00",
                "product": {
                  "name": "Yokogawa CI Server: \u003e=R1.01.00|\u003c=R1.03.00",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "CI Server"
          }
        ],
        "category": "vendor",
        "name": "Yokogawa"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-4105",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected product\u0027s WEB HMI server\u0027s function to process HTTP requests has a security flaw (reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-4105"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Yokogawa recommends customers using FAST/TOOLS to update to R10.04 and first apply patch software R10.04 SP3 and afterwards apply patch software I12560.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Yokogawa recommends customers using Collaborative Information Server (CI Server) to update to R1.03.00 and apply patch software R10.04 SP3.",
          "product_ids": [
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "For both platforms, if the password for the default account has not been changed, please change that password according to the documentation included with the patch software.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Yokogawa strongly recommends all customers to establish and maintain a full security program, not only for the vulnerability identified in this YSAR. Security program components are: Patch updates, Anti-virus, Backup and recovery, zoning, hardening, whitelisting, firewall, etc. Yokogawa can assist in setting up and running the security program continuously. For considering the most effective risk mitigation plan, as a starting point, Yokogawa can perform a security risk assessment.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "For questions related to this report, please contact Yokogawa",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://contact.yokogawa.com/cs/gw?c-id=000498"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2024-4106",
      "cwe": {
        "id": "CWE-258",
        "name": "Empty Password in Configuration File"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-4106"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Yokogawa recommends customers using FAST/TOOLS to update to R10.04 and first apply patch software R10.04 SP3 and afterwards apply patch software I12560.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Yokogawa recommends customers using Collaborative Information Server (CI Server) to update to R1.03.00 and apply patch software R10.04 SP3.",
          "product_ids": [
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "For both platforms, if the password for the default account has not been changed, please change that password according to the documentation included with the patch software.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Yokogawa strongly recommends all customers to establish and maintain a full security program, not only for the vulnerability identified in this YSAR. Security program components are: Patch updates, Anti-virus, Backup and recovery, zoning, hardening, whitelisting, firewall, etc. Yokogawa can assist in setting up and running the security program continuously. For considering the most effective risk mitigation plan, as a starting point, Yokogawa can perform a security risk assessment.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "For questions related to this report, please contact Yokogawa",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://contact.yokogawa.com/cs/gw?c-id=000498"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ]
    }
  ]
}

FKIE_CVE-2024-4105

Vulnerability from fkie_nvd - Published: 2024-06-26 06:15 - Updated: 2024-11-21 09:42

Severity ?

5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Summary

References

	URL	Tags
	7168b535-132a-4efe-a076-338f829b2eb9	https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf
	af854a3a-2127-422b-91ae-364da2661108	https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been found in FAST/TOOLS and CI Server. The affected product\u0027s WEB HMI server\u0027s function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.\nThe affected products and versions are as follows:\nFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\nCI Server R1.01.00 to R1.03.00"
    },
    {
      "lang": "es",
      "value": "Se ha encontrado una vulnerabilidad en FAST/TOOLS y CI Server. La funci\u00f3n del servidor WEB HMI del producto afectado para procesar solicitudes HTTP tiene un fallo de seguridad (XSS Reflejado) que permite la ejecuci\u00f3n de scripts maliciosos. Por lo tanto, si una PC cliente con medidas de seguridad inadecuadas accede a la URL de un producto que contiene una solicitud maliciosa, el script malicioso puede ejecutarse en la PC cliente. Los productos y versiones afectados son los siguientes: FAST/TOOLS (Paquetes: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 a R10.04 CI Server R1.01.00 a R1.03.00"
    }
  ],
  "id": "CVE-2024-4105",
  "lastModified": "2024-11-21T09:42:12.100",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "7168b535-132a-4efe-a076-338f829b2eb9",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-06-26T06:15:15.500",
  "references": [
    {
      "source": "7168b535-132a-4efe-a076-338f829b2eb9",
      "url": "https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf"
    }
  ],
  "sourceIdentifier": "7168b535-132a-4efe-a076-338f829b2eb9",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "7168b535-132a-4efe-a076-338f829b2eb9",
      "type": "Secondary"
    }
  ]
}

GSD-2024-4105

Vulnerability from gsd - Updated: 2024-04-24 05:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-4105

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-4105"
      ],
      "id": "GSD-2024-4105",
      "modified": "2024-04-24T05:02:07.889121Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-4105",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-4105 (GCVE-0-2024-4105)

GHSA-WF34-93RM-QPCQ

ICSA-24-179-03

FKIE_CVE-2024-4105

GSD-2024-4105

Tags

Sightings

Nomenclature