### [CVE-2024-4106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4106)
![](https://img.shields.io/static/v1?label=Product&message=CI%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=FAST%2FTOOLS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=R1.01.00%3C%3D%20R1.03.00%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=R9.01%3C%3D%20R10.04%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-258%20Empty%20Password%20in%20Configuration%20File&color=brighgreen)

### Description

A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product.The affected products and versions are as follows:FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04CI Server R1.01.00 to R1.03.00

### POC

#### Reference
- https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf

#### Github
No PoCs found on GitHub currently.