Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable web server discloses configuration without auth (PR:N/UI:N); AT:P in 4.0 maps to AC:H in 3.1; confidentiality-only impact.
Primary rating from Vendor (YokogawaGroup).
Description (CVE.org)
Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks.
The affected products and versions are as follows:
FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
CI Server (All packages) R1.01 to R1.04
Analysis (AI)
Information disclosure in Yokogawa FAST/TOOLS (R9.01-R10.04) and CI Server (R1.01-R1.04) allows unauthenticated network attackers to retrieve CI Server configuration data via the embedded web server. The leaked settings can serve as reconnaissance material for follow-on attacks against the SCADA/automation environment. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Network reachability to the affected FAST/TOOLS or CI Server web server is required, and the CVSS 4.0 AT:P flag indicates a specific (vendor-described but not publicly detailed) attack requirement - likely a particular request shape or configuration state - must be present for the leak to occur. … |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N) yields 8.2 and reflects a confidentiality-only impact reachable over the network without authentication or user interaction, though AT:P indicates a specific attack requirement must be met. … |
| Exploit Scenario | An attacker with network reachability to the FAST/TOOLS or CI Server web interface - for example a foothold on the corporate IT segment that can route into the DMZ-facing HMI - issues a crafted HTTP request and receives a response containing CI Server setting information. The disclosed configuration is then used to map the SCADA topology, identify tag names, service endpoints, or trust relationships that inform a follow-on intrusion deeper into the OT network. … |
| Remediation | Patch status is not explicitly stated in the supplied data, so consult Yokogawa security advisory YSAR-26-0004-E at https://web-material3.yokogawa.com/1/39777/files/YSAR-26-0004-E.pdf for the vendor-provided fix package and apply it to all FAST/TOOLS R9.01-R10.04 and CI Server R1.01-R1.04 deployments. … |
EUVD-2026-38411
GHSA-4852-997v-4274