Description
Overview:
A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could
be exploited by an attacker for other attacks.

The affected products and versions are as follows:

FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

CI Server (All packages) R1.01 to R1.04
Published: 2026-06-23
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the web server component of Yokogawa FAST/TOOLS and CI Server, whereby it may return a response containing CI Server setting information. This information, considered sensitive, could be accessed by unauthenticated users and exploited for subsequent attacks, such as configuration tampering or unauthorized access. The weakness is categorized as insecure transmission of information (CWE‑319), leading to possible confidentiality compromise.

Affected Systems

Affected vendors include Yokogawa Electric Corporation. The product families impacted are FAST/TOOLS, specifically the packages RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB with versions ranging from R9.01 to R10.04, and CI Server for all packages with versions R1.01 to R1.04.

Risk and Exploitability

The vulnerability is assigned a CVSS score of 8.2, indicating high severity. EPSS data is unavailable, so the exact probability of exploitation is unknown, but the lack of KEV listing suggests no confirmed exploitation yet. The likely attack vector is remote through the HTTP/HTTPS interface of the web server, providing an attacker unauthenticated access to configuration information.

Generated by OpenCVE AI on June 23, 2026 at 02:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FAST/TOOLS to a version newer than R10.04 and CI Server to a version newer than R1.04 or apply the vendor‑issued patch that removes the disclosure of configuration data.
  • Restrict access to the web server that hosts the CI Server settings, for example by configuring firewall rules or placing the server on a separate VLAN to limit unauthenticated access.
  • Configure the web server to require authentication for accessing the CI Server configuration endpoints, ensuring only authorized users can view settings.

Generated by OpenCVE AI on June 23, 2026 at 02:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 03:15:00 +0000

Type Values Removed Values Added
Title Information Disclosure in Yokogawa FAST/TOOLS and CI Server via Web Server Response

Tue, 23 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
Description Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server (All packages) R1.01 to R1.04
Weaknesses CWE-319
References
Metrics cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: YokogawaGroup

Published:

Updated: 2026-06-23T00:53:43.698Z

Reserved: 2026-06-09T22:13:24.421Z

Link: CVE-2026-11833

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T03:00:12Z

Weaknesses
  • CWE-319

    Cleartext Transmission of Sensitive Information