ICSA-24-179-03 · Published 2024-06-27 · View on CISA ICS-CERT ↗

Yokogawa FAST/TOOLS and CI Server

CVSS 5.8 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to launch a malicious script and take control of affected products.

CVE-2024-4105 CVE-2024-4106

Yokogawa recommends customers using FAST/TOOLS to update to R10.04 and first apply patch software R10.04 SP3 and afterwards apply patch software I12560.
Yokogawa recommends customers using Collaborative Information Server (CI Server) to update to R1.03.00 and apply patch software R10.04 SP3.
For both platforms, if the password for the default account has not been changed, please change that password according to the documentation included with the patch software.
Yokogawa strongly recommends all customers to establish and maintain a full security program, not only for the vulnerability identified in this YSAR. Security program components are: Patch updates, Anti-virus, Backup and recovery, zoning, hardening, whitelisting, firewall, etc. Yokogawa can assist in setting up and running the security program continuously. For considering the most effective risk mitigation plan, as a starting point, Yokogawa can perform a security risk assessment.
For questions related to this report, please contact Yokogawa

Yokogawa

Yokogawa · FAST/TOOLS RVSVRN Package >=R9.01|<=R10.04

Yokogawa · FAST/TOOLS UNSVRN Package >=R9.01|<=R10.04

Yokogawa · FAST/TOOLS HMIWEB Package >=R9.01|<=R10.04

Yokogawa · FAST/TOOLS FTEES Package >=R9.01|<=R10.04

Yokogawa · FAST/TOOLS HMIMOB Package >=R9.01|<=R10.04

Yokogawa · CI Server >=R1.01.00|<=R1.03.00

Critical Manufacturing, Energy, Food and Agriculture

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.