PT-2024-29228 · Unknown+1 · Fast/Tools+2
Published: 2024-06-26 · Updated: 2024-06-26
CVE-2024-4105
CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FAST/TOOLS versions R9.01 through R10.04
CI Server versions R1.01.00 through R1.03.00
Description
A security flaw has been found in the WEB HMI server's function to process HTTP requests, allowing the execution of malicious scripts through Reflected XSS. If a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.
Recommendations
For FAST/TOOLS versions R9.01 through R10.04, update the WEB HMI server to prevent the execution of malicious scripts.
For CI Server versions R1.01.00 through R1.03.00, update the CI Server to prevent the execution of malicious scripts.
As a temporary workaround, consider restricting access to the WEB HMI server until a patch is available.
Fix
XSS
Affected Products
CI Server
FAST/TOOLS
WEB HMI server