CISA has republished a Yokogawa security advisory detailing a high-severity vulnerability affecting the FAST/TOOLS industrial automation platform and its Collaborative Information Server (CI Server) component. The flaw, tracked as CVE-2026-11833, stems from cleartext transmission of sensitive information and carries a CVSS v3.1 base score of 7.5 (HIGH) and a CVSS v4.0 score of 8.2 (HIGH).
Vulnerability Details
The affected web server may return responses that include CI Server configuration data in an unprotected form. An attacker who intercepts or otherwise accesses this traffic could leverage the exposed settings to facilitate further attacks against the target environment. The vulnerability is classified under CWE-319 (Cleartext Transmission of Sensitive Information).
The attack vector is network-based, requires no authentication, no user interaction, and operates at low complexity, making it accessible to a broad range of threat actors. No known public exploitation has been reported to CISA at this time.
Affected Versions
- Yokogawa FAST/TOOLS: versions R9.01 through R10.04
- Yokogawa Collaborative Information Server (CI Server): versions R1.01 through R1.04
Deployments are worldwide, with the vulnerability particularly relevant to critical infrastructure sectors including critical manufacturing, energy, and food and agriculture.
Remediation
Yokogawa recommends the following actions:
- Update FAST/TOOLS to R10.04 and apply the R10.04 SP4 patch software.
- Update the Collaborative Information Server to version R1.05 or later.
Full remediation details are available in Yokogawa’s security advisory report YSAR-26-0004. Organizations that cannot immediately apply patches should follow CISA’s standard ICS hardening guidance: isolate control system networks behind firewalls, prevent direct internet exposure, and require VPN access for any remote connectivity.
Broader Context
Yokogawa reported the vulnerability to JPCERT/CC, which coordinated the disclosure. The advisory was initially released on June 25, 2026. Security teams operating Yokogawa platforms in OT environments should treat configuration data exposure as a meaningful risk, since leaked settings can assist attackers in mapping network topology or identifying further attack surfaces within industrial control system deployments.
