Yokogawa FAST/TOOLS and CI Server
View CSAF Summary Successful exploitation of this vulnerability may return a response containing the CI Server setting information. The following versions of Yokogawa FAST/TOOLS and CI Server are affected: FAST/TOOLS >=R9.01|<=R10.04 Collaborative Information Server (CI Server) >=R1.01|<=R1.04 CVSS Vendor Equipment Vulnerabilities v3 7.5 Yokogawa Yokogawa FAST/TOOLS and CI Server Cleartext Transmission of Sensitive Information Background Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture Countries/Areas Deployed: Worldwide Company Headquarters Location: Japan Vulnerabilities Expand All + CVE-2026-11833 The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. View CVE Details Affected Products Yokogawa FAST/TOOLS and CI Server Vendor: Yokogawa Product Version: Yokogawa FAST/TOOLS: >=R9.01|<=R10.04, Yokogawa Collaborative Information Server (CI Server): >=R1.01|<=R1.04 Product Status: known_affected Remediations Vendor fix Yokogawa recommends users update FAST/TOOLS up to R10.04 and apply patch software (R10.04 SP4). Mitigation Yokogawa recommends users update Collaborative Information Server (CI Server) up to R1.05. Mitigation For more information and details on implementing these mitigations, users should see the Yokogawa security advisory report YSAR-26-0004 at: https://web-material3.yokogawa.com/1/39777/files/YSAR-26-0004-E.pdf Mitigation For questions related to this report, please contact the below. https://contact.yokogawa.com/cs/gw?c-id=000498 Relevant CWE: CWE-319 Cleartext Transmission of Sensitive Information Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 4.0 8.2 HIGH CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Acknowledgments Yokogawa reported this vulnerability to JPCERT/CC Legal Notice and Terms of Use This product is provided subject t
CSIRTS triage
- What
- A vulnerability may return a response containing sensitive CI Server setting information.
- Who is affected
- Users of Yokogawa FAST/TOOLS and CI Server within the specified versions.
- Urgency
- Critical urgency due to the risk of sensitive information exposure.
- Action
- Update to versions beyond R10.04 for FAST/TOOLS and R1.04 for CI Server.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch FAST/TOOLS and CI Server
Get an email when a new FAST/TOOLS and CI Server advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-01
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-118330.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 12% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-11833 | coverage & exploitation status | NVD · CVE.org |
More from CISA Cybersecurity Advisories
- highCISA Adds Two Known Exploited Vulnerabilities to Catalog2026-07-10
- criticalSchneider Electric PowerChute Serial Shutdown2026-07-09
- criticalOpenPLC v32026-07-09
- criticalSchneider Electric Easergy MiCOM Px40 Series2026-07-09
- highCISA Adds One Known Exploited Vulnerability to Catalog2026-07-07