
Yokogawa ICS Cleartext Bug Scores 8.2, Hits Energy and Food Sectors

An unauthenticated attacker can grab CI Server configuration details over the network through CWE-319 in Yokogawa FAST/TOOLS and CI Server, a flaw that earns a CVSS v4 score of 8.2.


A cleartext transmission vulnerability in Yokogawa's FAST/TOOLS and CI Server lets any unauthenticated attacker pull CI Server configuration details over the network, scoring an 8.2 on the CVSS v4 scale. The CVE-2026-11833 bug makes the web server return CI Server setting information in cleartext—trivial to sniff or intercept if you have network access. CISA published the advisory from Yokogawa's YSAR-26-0004 on June 25, 2026.

What the Flaw Does

The vulnerability is classified as CWE-319: Cleartext Transmission of Sensitive Information. No authentication required, no user interaction, low attack complexity. CVSS v3.1 gives it a 7.5 (HIGH); v4.0 pushes it to 8.2 (HIGH) with attack requirements present (AT:P). The vector is AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N, meaning confidentiality impact is high while integrity and availability are untouched. An attacker who can observe network traffic between a client and the web server gets a dump of CI Server settings, which Yokogawa warns “could be exploited for other attacks.”

Who's Affected and How to Fix It

Every copy of Yokogawa FAST/TOOLS version R9.01 or later and Collaborative Information Server version R1.01 or later is vulnerable. These systems sit in Critical Manufacturing, Energy, and Food & Agriculture sectors worldwide. The fix is straightforward: upgrade FAST/TOOLS to R10.04 and apply patch software R10.04 SP4. For the CI Server, upgrade to R1.05. Yokogawa's full advisory is at https://web-material3.yokogawa.com/1/39777/files/YSAR-26-0004-E.pdf.
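To turn the affected and fixed versions above into an inventory check, here is an added example (not from Yokogawa, CISA or the original article) that classifies assets by product and version string. The version format `R<major>.<minor> [SP<n>]`, the status labels, the hostnames and the sample inventory are assumptions made for the illustration.

```python
import re

# Affected ranges and fix levels as stated in the article (per YSAR-26-0004).
# Tuples are (major, minor, service_pack).
PRODUCTS = {
    "FAST/TOOLS": {"first_affected": (9, 1, 0), "fixed": (10, 4, 4)},  # R9.01+, fix R10.04 SP4
    "CI Server": {"first_affected": (1, 1, 0), "fixed": (1, 5, 0)},    # R1.01+, fix R1.05
}

# Assumed version format: "R<major>.<minor>" with an optional " SP<n>" suffix.
VERSION_RE = re.compile(r"^\s*R(\d+)\.(\d+)(?:\s*SP\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Parse 'R10.04 SP4' into (10, 4, 4); a missing service pack counts as 0."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(product, version_text):
    """Return 'affected', 'fixed', 'not_listed' or 'unknown' for one asset."""
    rule = PRODUCTS.get(product)
    if rule is None:
        return "unknown"
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # malformed inventory entry: needs manual review
    if version < rule["first_affected"]:
        return "not_listed"  # older than the range the article names
    # Assumption: any release at or above the fix level carries the fix.
    return "fixed" if version >= rule["fixed"] else "affected"


def triage(inventory):
    """Classify every (host, product, version) row of an inventory."""
    return [(h, p, v, classify(p, v)) for h, p, v in inventory]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("scada-hmi-01", "FAST/TOOLS", "R10.04 SP2"),
    ("scada-hmi-02", "FAST/TOOLS", "R10.04 SP4"),
    ("scada-hist-01", "FAST/TOOLS", "R9.05"),
    ("cis-01", "CI Server", "R1.03"),
    ("cis-02", "CI Server", "R1.05"),
    ("eng-ws-07", "FAST/TOOLS", "10.4"),  # missing 'R' prefix -> unknown
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("{:<14} {:<11} {:<11} {}".format(*row))
```

Rows that come back `unknown` or `not_listed` should be checked against the vendor advisory by hand rather than treated as safe.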

Why This Matters for ICS Security

This isn't remote code execution, but it's worse than it looks. Leaking CI Server configuration (database connection strings, internal network topology, service credentials) gives attackers a map for lateral movement. And because these are industrial control systems, the standard advice applies: isolate them from the internet, use VPNs for remote access, and treat every config leak as a potential stepping stone to a production outage. No known public exploitation yet, but the fix cycle is short, and CISA and Yokogawa expect operators to act on this now. If you're running FAST/TOOLS R9.01 or later, or CI Server R1.01 or later, get to R10.04 SP4 and R1.05 respectively. This one is trivial to exploit and the config leak primes further attacks.


Source: Yokogawa FAST/TOOLS and CI Server
Domain: cisa.gov
