5.8
CVE-2024-4105
- EPSS 0.48%
- Published 26.06.2024 06:15:15
- Last modified 15.04.2026 00:35:42
- Source 7168b535-132a-4efe-a076-338f82
A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC. The affected products and versions are as follows:
- FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
- CI Server R1.01.00 to R1.03.00

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
| Vendor | Product | Default status | Version | Version <= | Status |
|---|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS | unknown | R9.01 | R10.04 | affected |
| Yokogawa Electric Corporation | CI Server | unknown | R1.01.00 | R1.03.00 | affected |

VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.374 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 7168b535-132a-4efe-a076-338f829b2eb9 | 5.8 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf