CVE-2026-11833: CWE-319 Cleartext transmission of sensitive information in Yokogawa Electric Corporation FAST/TOOLS
A vulnerability (CVE-2026-11833) in Yokogawa Electric Corporation's FAST/TOOLS and CI Server products allows the web server to return responses containing CI Server setting information. This cleartext transmission of sensitive information could be exploited by attackers to facilitate further attacks. The affected FAST/TOOLS versions range from R9.01 to R10.04, and CI Server versions from R1.01 to R1.04. The vulnerability is classified as CWE-319 and has a high severity with a CVSS 4.0 base score of 8.2.
AI Analysis
Technical Summary
CVE-2026-11833 is a vulnerability in Yokogawa Electric Corporation's FAST/TOOLS and CI Server products where the web server may disclose CI Server configuration information in its responses. This cleartext transmission of sensitive data (CWE-319) can be leveraged by attackers to conduct additional attacks. The affected FAST/TOOLS packages include RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB versions R9.01 through R10.04, while all CI Server packages from R1.01 through R1.04 are impacted. The vulnerability has a CVSS 4.0 score of 8.2, indicating high severity. No official remediation or patch information is currently available.
Potential Impact
The vulnerability allows sensitive CI Server configuration information to be transmitted in cleartext via the web server response. This exposure could enable attackers to gain insights useful for further attacks against the affected systems. There is no indication of direct system compromise solely from this vulnerability, but the information disclosure increases the attack surface and risk.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor Yokogawa Electric Corporation's advisories for updates. Until a patch is available, limit exposure by restricting access to the affected web servers and consider network-level controls to prevent unauthorized interception of traffic.
CVE-2026-11833: CWE-319 Cleartext transmission of sensitive information in Yokogawa Electric Corporation FAST/TOOLS
Description
A vulnerability (CVE-2026-11833) in Yokogawa Electric Corporation's FAST/TOOLS and CI Server products allows the web server to return responses containing CI Server setting information. This cleartext transmission of sensitive information could be exploited by attackers to facilitate further attacks. The affected FAST/TOOLS versions range from R9.01 to R10.04, and CI Server versions from R1.01 to R1.04. The vulnerability is classified as CWE-319 and has a high severity with a CVSS 4.0 base score of 8.2.
CVSS v4.0
Score 8.2high
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-11833 is a vulnerability in Yokogawa Electric Corporation's FAST/TOOLS and CI Server products where the web server may disclose CI Server configuration information in its responses. This cleartext transmission of sensitive data (CWE-319) can be leveraged by attackers to conduct additional attacks. The affected FAST/TOOLS packages include RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB versions R9.01 through R10.04, while all CI Server packages from R1.01 through R1.04 are impacted. The vulnerability has a CVSS 4.0 score of 8.2, indicating high severity. No official remediation or patch information is currently available.
Potential Impact
The vulnerability allows sensitive CI Server configuration information to be transmitted in cleartext via the web server response. This exposure could enable attackers to gain insights useful for further attacks against the affected systems. There is no indication of direct system compromise solely from this vulnerability, but the information disclosure increases the attack surface and risk.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor Yokogawa Electric Corporation's advisories for updates. Until a patch is available, limit exposure by restricting access to the affected web servers and consider network-level controls to prevent unauthorized interception of traffic.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- YokogawaGroup
- Date Reserved
- 2026-06-09T22:13:24.421Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a39e745eed863c81eee2ce7
Added to database: 06/23/2026, 01:54:13 UTC
Last enriched: 06/23/2026, 02:09:07 UTC
Last updated: 06/23/2026, 02:12:37 UTC
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.