PatchSiren cyber security CVE debrief
CVE-2024-4106 Yokogawa CVE debrief
CVE-2024-4106 is a medium-severity vulnerability affecting Yokogawa FAST/TOOLS and CI Server products, published on June 27, 2024. The vulnerability stems from built-in accounts that ship with no password set by default, allowing attackers to gain unauthorized access when the products are operated without password configuration. The CVSS 3.1 score of 5.3 reflects a network-based attack vector with low attack complexity, no privileges required, and low confidentiality impact. Six product variants are affected across the FAST/TOOLS packages (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) versions R9.01 through R10.04, and CI Server versions R1.01.00 through R1.03.00. Yokogawa has provided specific patching guidance: FAST/TOOLS users should update to R10.04, apply patch R10.04 SP3, then apply patch I12560; CI Server users should update to R1.03.00 and apply patch R10.04 SP3. Immediate action is required for any deployment still using default account passwords: these must be changed per the patch documentation. The vendor additionally recommends implementing a comprehensive security program including ongoing patch management, anti-virus, backup/recovery, network zoning, system hardening, application whitelisting, and firewall deployment. Organizations may contact Yokogawa for security risk assessment services to develop effective mitigation strategies. This vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Yokogawa
- Product: FAST/TOOLS RVSVRN Package
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-06-27
- Original CVE updated: 2024-06-27
- Advisory published: 2024-06-27
- Advisory updated: 2024-06-27
Who should care
Industrial control system operators using Yokogawa FAST/TOOLS or CI Server, particularly in critical infrastructure sectors. Security teams responsible for OT/ICS asset management and patch deployment. Organizations with legacy Yokogawa deployments that may have unconfigured default accounts. Compliance officers tracking CISA ICS advisories for regulatory reporting.
Technical summary
The vulnerability exists in Yokogawa's FAST/TOOLS SCADA platform and the CI Server collaborative information server, where built-in accounts ship with no passwords configured. When deployed with default settings, these accounts allow unauthenticated network access. The attack requires no privileges and has low complexity, though user interaction may be required in some CVSS 4.0 scoring contexts. Affected versions span multiple FAST/TOOLS component packages (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) from R9.01 to R10.04, and CI Server R1.01.00 to R1.03.00. Remediation follows a staged patch approach of version upgrades followed by supplemental patches, plus mandatory password configuration for the default accounts.
Defensive priority
high
Recommended defensive actions
- Apply Yokogawa-provided patches: FAST/TOOLS users update to R10.04, apply R10.04 SP3, then I12560; CI Server users update to R1.03.00 and apply R10.04 SP3
- Immediately change default account passwords on all affected products per patch documentation
- Implement comprehensive security program including patch management, anti-virus, backups, network zoning, hardening, whitelisting, and firewalls
- Contact Yokogawa for security risk assessment to develop tailored mitigation strategy
- Monitor CISA ICS advisories for additional guidance
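The following triage script is an added example, not part of the advisory or of any Yokogawa tooling: it checks a constructed asset inventory against the affected version ranges and the staged patch steps quoted above, and flags assets whose built-in accounts still have no password set. The inventory rows, the `Asset` field names and the patch-tracking convention are assumptions.

```python
"""Triage assets against the CVE-2024-4106 affected ranges and patch steps."""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

FASTTOOLS_PACKAGES = {"RVSVRN", "UNSVRN", "HMIWEB", "FTEES", "HMIMOB"}
# family -> (first affected, last affected, upgrade target, ordered patches),
# exactly as stated in the advisory text.
REMEDIATION = {
    "FAST/TOOLS": ("R9.01", "R10.04", "R10.04", ["R10.04 SP3", "I12560"]),
    "CI Server": ("R1.01.00", "R1.03.00", "R1.03.00", ["R10.04 SP3"]),
}

def parse_version(v: str) -> Tuple[int, ...]:
    """'R10.04' -> (10, 4); 'R1.03.00' -> (1, 3, 0). Tuples compare in order."""
    if not v.startswith("R"):
        raise ValueError(f"unexpected Yokogawa version format: {v!r}")
    return tuple(int(part) for part in v[1:].split("."))

@dataclass
class Asset:  # assumed inventory record shape
    name: str
    family: str                   # "FAST/TOOLS" or "CI Server"
    package: Optional[str]        # FAST/TOOLS package name, None for CI Server
    version: str
    patches: Set[str] = field(default_factory=set)
    default_pw_changed: bool = False   # built-in accounts given passwords?

def triage(asset: Asset) -> List[str]:
    """Return the outstanding remediation steps for one asset, in order."""
    lo, hi, target, required = REMEDIATION[asset.family]
    if asset.family == "FAST/TOOLS" and asset.package not in FASTTOOLS_PACKAGES:
        return []                 # package not named in the advisory
    v = parse_version(asset.version)
    if not (parse_version(lo) <= v <= parse_version(hi)):
        return []                 # outside the affected range
    actions = []
    if v < parse_version(target):
        actions.append(f"upgrade to {target}")
    missing = [p for p in required if p not in asset.patches]
    if missing:
        actions.append("apply " + ", ".join(missing))
    if not asset.default_pw_changed:   # the critical step regardless of patch level
        actions.append("set passwords on built-in accounts")
    return actions

if __name__ == "__main__":
    inventory = [  # constructed sample data
        Asset("hmi-01", "FAST/TOOLS", "HMIWEB", "R10.02"),
        Asset("ci-01", "CI Server", None, "R1.02.00", set(), True),
    ]
    for a in inventory:
        print(a.name, "->", triage(a) or ["no action"])
```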
Evidence notes
Vulnerability details and remediation guidance sourced from CISA CSAF advisory ICSA-24-179-03. CVSS vector confirmed as CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. Six affected products identified with specific version ranges. Vendor fix and mitigation steps explicitly documented in source remediations array.
Official resources
- CVE-2024-4106 CVE record (CVE.org)
- CVE-2024-4106 NVD detail (NVD)
- Source item URL (cisa_csaf)