CVE-2024-4106
📋 TL;DR
This vulnerability allows attackers to access FAST/TOOLS and CI Server systems through built-in accounts that have no passwords set by default. Affected organizations are those using vulnerable versions of Yokogawa's industrial control system software without proper password configuration.
💻 Affected Systems
- FAST/TOOLS
- CI Server
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to manipulate industrial processes, steal sensitive operational data, or disrupt critical infrastructure operations.
Likely Case
Unauthorized access to control systems enabling configuration changes, data exfiltration, or reconnaissance for further attacks.
If Mitigated
Limited impact if proper network segmentation and access controls prevent external access to vulnerable systems.
🎯 Exploit Status
Exploitation requires no authentication and uses default accounts with no passwords. Attackers only need network access to vulnerable systems.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: FAST/TOOLS R10.04.01 or later, CI Server R1.03.01 or later
Vendor Advisory: https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf
Restart Required: Yes
Instructions:
1. Download patches from the Yokogawa support portal.
2. Apply patches according to vendor documentation.
3. Restart affected services.
4. Verify password requirements are enforced.
🔧 Temporary Workarounds
Set Strong Passwords
Manually set strong, unique passwords for all built-in accounts on affected systems.
Use system administration tools to set passwords for all user accounts
Disable Unused Accounts
Disable any built-in accounts that are not required for operations.
Use account management tools to disable unnecessary accounts
🧯 If You Can't Patch
- Implement strict network segmentation to isolate affected systems from untrusted networks
- Enable multi-factor authentication and implement strict access controls
🔍 How to Verify
Check if Vulnerable:
Check the system version against the affected ranges and verify whether any built-in accounts have no password set.
Check Version:
Check the version through the system administration interface or vendor documentation.
Verify Fix Applied:
Verify that the system version is patched; an attempt to access the built-in accounts without credentials should then fail.
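The version check above can be scripted against an asset inventory. The following Python is an added example (not tooling from Yokogawa or from this page) that compares an installed release string with the fixed releases quoted in the Official Fix section and combines the result with the password state recorded for the built-in accounts. It assumes the `R<major>.<minor>.<patch>` shape seen in the quoted version strings; the `assess` function and its status labels are this example's own.

```python
import re
from typing import Tuple

# Fixed releases exactly as stated in the Official Fix section of this page.
FIXED_VERSIONS = {
    "FAST/TOOLS": "R10.04.01",
    "CI Server": "R1.03.01",
}

# Assumed shape of a Yokogawa release string, e.g. "R10.04.01" -> (10, 4, 1).
_VERSION_RE = re.compile(r"^R(\d+)\.(\d+)\.(\d+)$")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn 'R<major>.<minor>.<patch>' into an integer tuple so releases compare numerically
    (string comparison would wrongly rank 'R9.x' above 'R10.x')."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(product: str, installed: str) -> bool:
    """True if the installed release is the fixed release or later for that product."""
    if product not in FIXED_VERSIONS:
        raise KeyError(f"no fixed version recorded for {product!r}")
    return parse_version(installed) >= parse_version(FIXED_VERSIONS[product])


def assess(product: str, installed: str, builtin_accounts_have_passwords: bool) -> str:
    """Classify one host (hypothetical status labels for this example):
    'patched'    - release at or above the fixed version
    'mitigated'  - unpatched, but the Set Strong Passwords workaround has been applied
    'vulnerable' - unpatched and built-in accounts still have no password set"""
    if is_patched(product, installed):
        return "patched"
    if builtin_accounts_have_passwords:
        return "mitigated"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed inventory rows: (product, installed release, passwords set on built-ins)
    inventory = [
        ("FAST/TOOLS", "R10.03.09", False),
        ("FAST/TOOLS", "R10.03.09", True),
        ("FAST/TOOLS", "R10.04.01", False),
        ("CI Server", "R1.02.05", False),
        ("CI Server", "R1.03.01", True),
    ]
    for product, release, pw_set in inventory:
        print(f"{product:10s} {release:10s} -> {assess(product, release, pw_set)}")
```

A host reported as `mitigated` still needs the patch scheduled; the workaround only removes the empty-password condition, not the underlying defect the advisory fixes.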
📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts followed by successful logins to built-in accounts
- Unusual access patterns to system administration functions
Network Indicators:
- Authentication attempts to known built-in account names
- Unusual traffic patterns to industrial control system ports
SIEM Query:
source="industrial_system" AND (event_type="authentication" AND (account_name="built-in_account" OR account_name="default_account"))
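The SIEM query above only matches authentication events by account name. The following Python is an added example, not part of this page or of any vendor tooling, that implements the two log indicators listed above as rules over authentication logs: a successful login to a built-in account, and failed attempts followed by a success from the same source, plus administrative actions performed under a built-in account. The `key=value` log format and the sample lines are constructed for the example, and `BUILTIN_ACCOUNTS` holds placeholder names because the page does not list the real account names; replace them with the names documented for your installation.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# PLACEHOLDERS: the real built-in account names are not given on this page.
BUILTIN_ACCOUNTS = {"built-in_account", "default_account"}

# Event types treated as administrative (an assumption of this example).
ADMIN_EVENTS = {"config_change", "user_management"}

# Constructed sample log in an assumed "<timestamp> key=value ..." format; not real product output.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z host=ft-srv01 event_type=authentication result=FAIL account=operator1 src=10.10.1.20
2024-05-01T10:00:05Z host=ft-srv01 event_type=authentication result=SUCCESS account=operator1 src=10.10.1.20
2024-05-01T10:02:10Z host=ft-srv01 event_type=authentication result=FAIL account=default_account src=203.0.113.7
2024-05-01T10:02:11Z host=ft-srv01 event_type=authentication result=FAIL account=default_account src=203.0.113.7
2024-05-01T10:02:12Z host=ft-srv01 event_type=authentication result=SUCCESS account=default_account src=203.0.113.7
2024-05-01T10:05:00Z host=ft-srv01 event_type=config_change object=tag_db account=default_account src=203.0.113.7
2024-05-01T10:07:30Z host=ft-srv01 event_type=authentication result=SUCCESS account=built-in_account src=10.10.1.30
"""

_KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split '<timestamp> k=v k=v ...' into a dict; returns None for lines that do not fit."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2:
        return None
    fields = dict(_KV_RE.findall(parts[1]))
    fields["ts"] = parts[0]
    return fields


def detect(log_text: str, fail_threshold: int = 2) -> List[Dict[str, str]]:
    """Run the three rules over a log and return one alert dict per match, in log order."""
    alerts: List[Dict[str, str]] = []
    # Consecutive failures per (account, source) since the last success.
    fails: Dict[tuple, int] = defaultdict(int)

    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if not ev:
            continue
        account = ev.get("account", "?")
        src = ev.get("src", "?")
        etype = ev.get("event_type")

        if etype == "authentication":
            key = (account, src)
            if ev.get("result") == "FAIL":
                fails[key] += 1
                continue
            if ev.get("result") == "SUCCESS":
                # Rule 1: any successful login to a built-in account is worth a look.
                if account in BUILTIN_ACCOUNTS:
                    alerts.append({"rule": "builtin_account_login", "ts": ev["ts"],
                                   "account": account, "src": src})
                # Rule 2: failures followed by a success from the same source (guessing pattern).
                if fails[key] >= fail_threshold:
                    alerts.append({"rule": "fail_then_success", "ts": ev["ts"],
                                   "account": account, "src": src,
                                   "failures": str(fails[key])})
                fails[key] = 0
        elif etype in ADMIN_EVENTS and account in BUILTIN_ACCOUNTS:
            # Rule 3: administrative changes made under a built-in account.
            alerts.append({"rule": "builtin_admin_action", "ts": ev["ts"],
                           "account": account, "src": src, "event_type": etype})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the constructed log this raises four alerts, all but the last tied to the single external source that failed twice and then succeeded against `default_account` before changing configuration; the ordinary operator's one failed attempt stays below the threshold and is not reported.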