
Yokogawa ICS Cleartext Bug Scores 8.2, Hits Energy and Food Sectors

An unauthenticated attacker can grab CI Server configuration details over the network thanks to CWE-319 in Yokogawa FAST/TOOLS and CI Server, earning a CVSS v4 score of 8.2.


A cleartext transmission vulnerability in Yokogawa's FAST/TOOLS and CI Server lets any unauthenticated attacker pull CI Server configuration details over the network, scoring an 8.2 on the CVSS v4 scale. Tracked as CVE-2026-11833, the bug makes the web server return CI Server setting information in cleartext, which is trivial to sniff or intercept if you have network access. CISA published its advisory, based on Yokogawa's YSAR-26-0004, on June 25, 2026.

What the Flaw Does

The flaw is classified as CWE-319: Cleartext Transmission of Sensitive Information. It requires no authentication and no user interaction, and attack complexity is low. CVSS v3.1 gives it a 7.5 (HIGH); v4.0 pushes it to 8.2 (HIGH) with attack requirements present (AT:P). The vector is AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N: confidentiality impact is high, integrity and availability untouched. An attacker who can observe network traffic between a client and the web server gets a dump of CI Server settings, which Yokogawa warns “could be exploited for other attacks.”

Who's Affected and How to Fix It

Every copy of Yokogawa FAST/TOOLS version R9.01 or later and Collaborative Information Server version R1.01 or later is vulnerable. These systems sit in Critical Manufacturing, Energy, and Food & Agriculture sectors worldwide. The fix is straightforward: upgrade FAST/TOOLS to R10.04 and apply patch software R10.04 SP4. For the CI Server, upgrade to R1.05. Yokogawa's full advisory is at https://web-material3.yokogawa.com/1/39777/files/YSAR-26-0004-E.pdf.
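The affected and fixed ranges above can be checked against an asset inventory. The sketch below is an added example, not code from Yokogawa or CISA; the inventory rows and host names are constructed, and treating any release at or above the fixed version as remediated is an assumption.

```python
import re

# Version boundaries taken from the article; treating anything at or above the
# fixed release as remediated is an assumption of this example.
AFFECTED = {
    "FAST/TOOLS": {"first": (9, 1, 0), "fixed": (10, 4, 4)},  # R9.01 .. < R10.04 SP4
    "CI Server": {"first": (1, 1, 0), "fixed": (1, 5, 0)},    # R1.01 .. < R1.05
}

_VERSION = re.compile(r"^R(\d+)\.(\d+)(?:\s+SP(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Turn 'R10.04 SP4' into (10, 4, 4); a missing service pack counts as SP0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, sp = m.groups()
    return int(major), int(minor), int(sp or 0)

def triage(product, version_text):
    """Return 'affected', 'fixed', 'not-in-range' or 'unknown' for one install."""
    bounds = AFFECTED.get(product)
    if bounds is None:
        return "unknown"
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # never silently treat unparsable data as safe
    if version < bounds["first"]:
        return "not-in-range"
    return "fixed" if version >= bounds["fixed"] else "affected"

# Constructed inventory rows: (host, product, installed version).
INVENTORY = [
    ("scada-hmi-01", "FAST/TOOLS", "R10.04 SP3"),
    ("scada-hmi-02", "FAST/TOOLS", "R10.04 SP4"),
    ("scada-hist-01", "FAST/TOOLS", "R9.01"),
    ("ci-srv-01", "CI Server", "R1.04"),
    ("ci-srv-02", "CI Server", "R1.05"),
    ("eng-ws-07", "FAST/TOOLS", "10.4"),  # malformed on purpose
]

def report(rows):
    """Map each host to its triage status."""
    return {host: triage(product, version) for host, product, version in rows}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:14} {status}")
```

Hosts reported as "unknown" need manual follow-up rather than being counted as patched.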

Why This Matters for ICS Security

This isn't remote code execution, but it's worse than it looks. Leaking CI Server configuration (database connection strings, internal network topology, service credentials) gives attackers a map for lateral movement. And because these are industrial control systems, the standard advice applies: isolate them from the internet, use VPNs for remote access, and treat every config leak as a potential stepping stone to a production outage. No known public exploitation yet, but the fix cycle is short: CISA and Yokogawa expect operators to act on this now. If you're running FAST/TOOLS R9.01 or later, or CI Server R1.01 or later, get to R10.04 SP4 and R1.05 respectively. This one is trivial to exploit and the config leak primes further attacks.


Source: Yokogawa FAST/TOOLS and CI Server
Domain: cisa.gov
