HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Cleartext Transmission of Sensitive Information in Yokogawa FAST/TOOLS and CI Server (CVE‑2026‑11833) Exposes Configuration Data

Yokogawa FAST/TOOLS (R9.01‑R10.04) and CI Server (R1.01‑R1.04) may return configuration data in cleartext, creating a foothold for attackers. The CVSS 7.5 rating makes it a high‑severity issue for critical‑manufacturing and energy operators, and it directly impacts SOC 2 control compliance.

LiveThreat™ Intelligence · 📅 June 25, 2026· 📰 cisa.gov
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
5 recommended
📰
Source
cisa.gov

Cleartext Transmission of Sensitive Information in Yokogawa FAST/TOOLS and CI Server (CVE‑2026‑11833) Exposes Configuration Data

What It Is – A vulnerability (CVE‑2026‑11833) in Yokogawa FAST/TOOLS (versions R9.01‑R10.04) and the Collaborative Information (CI) Server (versions R1.01‑R1.04) allows the web server to return responses that include CI Server configuration settings in cleartext.

Exploitability – The flaw is rated CVSS v3 7.5 (High). No public exploit code has been released, but the vulnerability is trivially exploitable by sending crafted HTTP requests to the affected web interface.

Affected Products – Yokogawa FAST/TOOLS (R9.01‑R10.04) and Yokogawa Collaborative Information Server (CI Server) (R1.01‑R1.04).

Why It Matters for Compliance & Audit Readiness

  • Control Mapping – The exposure directly violates SOC 2 CC6.1 (Logical Access) and CC7.1 (System Operations) requirements to protect configuration data in transit; mapping this gap to your control matrix is essential for audit evidence.
  • Continuous Evidence – Demonstrating that you have applied Yokogawa’s patches (FAST/TOOLS R10.04 SP4, CI Server R1.05) and can produce automated proof of remediation satisfies the “continuous monitoring” expectations of modern SOC 2 engagements.
  • Due Diligence – For critical‑manufacturing and energy operators, regulators and enterprise customers increasingly request proof that third‑party OT systems are free of cleartext transmission flaws; a documented remediation workflow becomes a defensible part of your vendor‑risk file.

Recommended Actions

  • Patch Immediately – Deploy FAST/TOOLS R10.04 SP4 and upgrade CI Server to R1.05 or later.
  • Validate Remediation – Run authenticated scans to confirm that configuration endpoints no longer return cleartext data. Capture scan logs as audit evidence.
  • Map to SOC 2 Controls – Update your control inventory to reflect the new configuration‑hardening control; link remediation tickets to the relevant CC6.1/CC7.1 controls.
  • Enable Encryption in Transit – If not already enforced, configure TLS for all web interfaces and enforce strong cipher suites.
  • Monitor for Anomalous Access – Deploy logging and alerting on CI Server endpoints to detect any unexpected enumeration attempts.

Source: CISA Advisory – ICSA‑26‑176‑01

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-01

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →