CVE-2024-4106
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-4106
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server R1.01.00 to R1.03.00
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
配置文件中缺省空口令
Source: NVD (National Vulnerability Database)
Vulnerability Title
Yokogawa FAST/TOOLS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Yokogawa FAST/TOOLS是日本横河电机(Yokogawa)公司的一个实时操作管理和可视化软件。 Yokogawa FAST/TOOLS R9.01 到 R10.04版本、Collaborative Information Server R1.01.00 到 R1.03.00版本存在安全漏洞,该漏洞源于受影响的产品内置了未设置密码的账户,攻击者利用该漏洞可以侵入受影响的产品。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS | R9.01 ~ R10.04 | - | |
| Yokogawa Electric Corporation | CI Server | R1.01.00 ~ R1.03.00 | - |
II. Public POCs for CVE-2024-4106
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-4106
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Yokogawa Electric Corporation
Same weakness: CWE-258
- CVE-2025-9276
Cockroach Labs cockroach-k8s-request-cert Empty Root Passwor - CVE-2025-4395
Medtronic MyCareLink Patient Monitor Empty Password Vulnerab - CVE-2024-35137
IBM Security Access Manager Docker information disclosure - CVE-2023-43016
IBM Security Access Manager Container unauthorized access - CVE-2023-39439
SAP Commerce accepts empty passphrases.
V. Comments for CVE-2024-4106
No comments yet