PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-4105 Yokogawa CVE debrief

A reflected cross-site scripting (XSS) vulnerability in Yokogawa FAST/TOOLS and CI Server WEB HMI components allows malicious script execution when client PCs access crafted URLs. Published 2024-06-27.

Vendor: Yokogawa
Product: FAST/TOOLS RVSVRN Package
CVSS: MEDIUM 5.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-06-27
Original CVE updated: 2024-06-27
Advisory published: 2024-06-27
Advisory updated: 2024-06-27

Who should care

Organizations operating Yokogawa FAST/TOOLS (versions R9.01–R10.04) or CI Server (versions R1.01.00–R1.03.00) in industrial environments, particularly those with externally accessible or poorly segmented WEB HMI interfaces. Critical infrastructure operators in energy, manufacturing, and process industries using these SCADA/HMI platforms should prioritize patching and access controls.

Technical summary

The WEB HMI server in affected Yokogawa products improperly processes HTTP requests, enabling reflected XSS attacks. An attacker can craft a malicious URL containing script payloads; when a client PC with inadequate security measures accesses this URL, the script executes in the browser context. This requires user interaction (accessing the crafted URL) but can compromise client sessions or enable further attacks against HMI infrastructure.
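Because the flaw is a reflection of attacker-controlled URL content, the requests that matter leave a trace in the WEB HMI front end's access log: a query parameter that, once percent-decoded, contains HTML or script markup. The following is an added detection example, not code from the original debrief or from Yokogawa; it assumes an Apache/nginx "combined" log layout, a hypothetical `/hmi/...` path scheme, and constructed sample lines. It decodes each parameter repeatedly (bounded) so double-encoded markup is not missed, then reports the client, path and offending parameters.

```python
"""Added example (not part of the advisory): flag HTTP requests whose query
parameters carry HTML/script markup, the fingerprint of a reflected-XSS
attempt against a web HMI. Log layout, paths and sample lines are assumed.
"""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache/nginx "combined" access-log layout (assumed for the HMI front end).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Markup fragments that have no business inside an HMI query parameter.
# Event-handler names are listed explicitly to avoid matching words like
# "option=" that merely start with "on".
MARKUP_RE = re.compile(
    r'<\s*/?\s*[a-z][\w-]*|'                                   # tag start, e.g. <script, </svg
    r'\bon(?:error|load|click|mouse\w+|focus|blur|key\w+)\s*=|'  # inline event handler
    r'javascript\s*:',                                         # script URI scheme
    re.IGNORECASE,
)

# Constructed sample log lines; the two /hmi/alarm requests carry markup,
# the second one double-encoded.
SAMPLE_LOG = [
    '10.20.30.5 - - [27/Jun/2024:10:01:12 +0000] "GET /hmi/trend?tag=FIC101.PV HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.20.30.9 - - [27/Jun/2024:10:02:44 +0000] "GET /hmi/alarm?msg=%3Cscript%3E1%3C%2Fscript%3E HTTP/1.1" 200 4099 "-" "Mozilla/5.0"',
    '10.20.30.9 - - [27/Jun/2024:10:03:01 +0000] "GET /hmi/alarm?msg=%253Cimg%2520src%253Dx%2520onerror%253D1%253E HTTP/1.1" 200 4099 "-" "Mozilla/5.0"',
    '10.20.30.7 - - [27/Jun/2024:10:04:10 +0000] "GET /hmi/login?next=/hmi/overview HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded markup is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(target):
    """Return {param: decoded_value} for query parameters that contain markup."""
    query = urlsplit(target).query
    hits = {}
    # parse_qsl already decodes one layer and turns '+' into a space.
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = decode_fully(raw)
        if MARKUP_RE.search(value):
            hits[name] = value
    return hits


def scan_log(lines):
    """Return a list of (client_ip, path, flagged_params) for suspicious requests."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined line; skip rather than guess
        hits = suspicious_params(m['target'])
        if hits:
            findings.append((m['ip'], urlsplit(m['target']).path, hits))
    return findings


if __name__ == "__main__":
    for ip, path, params in scan_log(SAMPLE_LOG):
        print(f"{ip} {path} {params}")
```

The tag pattern is deliberately broad, so a parameter that legitimately contains a less-than sign followed by a letter (a comparison expression, say) will be flagged; tune `MARKUP_RE` against a sample of normal HMI traffic before alerting on it, and treat a 200 response to a flagged request as the higher-priority case, since that is the one the server actually reflected.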

Defensive priority

MEDIUM

Recommended defensive actions

  • Apply vendor patches: For FAST/TOOLS, update to R10.04, apply patch R10.04 SP3, then apply patch I12560. For CI Server, update to R1.03.00 and apply patch R10.04 SP3.
  • Change default account passwords if not already modified, per patch documentation.
  • Implement defense-in-depth security controls including network segmentation, host hardening, application whitelisting, and firewall restrictions for WEB HMI access.
  • Contact Yokogawa for security risk assessment services to establish a comprehensive security program covering patch management, anti-virus, backup/recovery, and zoning.
  • Restrict WEB HMI access to trusted networks and enforce client-side security measures on systems accessing HMI interfaces.

Evidence notes

Source: CISA CSAF advisory ICSA-24-179-03 (2024-06-27). CVSS 3.1 score 5.8 (MEDIUM). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N. Not listed in CISA KEV.

Official resources

Yokogawa disclosed this vulnerability via CISA ICS advisory ICSA-24-179-03 on 2024-06-27. The issue affects multiple FAST/TOOLS packages (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) versions R9.01 through R10.04, and CI Server versions R1.01.00–