Fast Tools
Monthly
Information disclosure in Yokogawa FAST/TOOLS (R9.01-R10.04) and CI Server (R1.01-R1.04) allows unmodified network attackers to retrieve CI Server configuration data via the embedded web server. The leaked settings can be leveraged as reconnaissance fuel for follow-on attacks against the SCADA/automation environment. No public exploit identified at time of analysis, and the issue is not present in CISA KEV.
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server. [CVSS 7.5 HIGH]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communications with the web server. [CVSS 7.5 HIGH]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery (CSRF). [CVSS 5.4 MEDIUM]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. [CVSS 5.3 MEDIUM]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. [CVSS 7.5 HIGH]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. [CVSS 5.3 MEDIUM]
Yokogawa FAST/TOOLS has a third vulnerability involving improper encoding of output that could enable injection attacks against the SCADA web interface.
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. [CVSS 5.3 MEDIUM]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. [CVSS 5.3 MEDIUM]
Yokogawa FAST/TOOLS has a second web server vulnerability involving improper cryptographic handling that weakens the security of SCADA communications.
Yokogawa FAST/TOOLS SCADA has a vulnerability in its web server component enabling unauthorized access to the industrial control monitoring system.
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. [CVSS 6.1 MEDIUM]
Information disclosure in Yokogawa FAST/TOOLS (R9.01-R10.04) and CI Server (R1.01-R1.04) allows unmodified network attackers to retrieve CI Server configuration data via the embedded web server. The leaked settings can be leveraged as reconnaissance fuel for follow-on attacks against the SCADA/automation environment. No public exploit identified at time of analysis, and the issue is not present in CISA KEV.
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server. [CVSS 7.5 HIGH]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communications with the web server. [CVSS 7.5 HIGH]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery (CSRF). [CVSS 5.4 MEDIUM]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. [CVSS 5.3 MEDIUM]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. [CVSS 7.5 HIGH]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. [CVSS 5.3 MEDIUM]
Yokogawa FAST/TOOLS has a third vulnerability involving improper encoding of output that could enable injection attacks against the SCADA web interface.
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. [CVSS 5.3 MEDIUM]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. [CVSS 5.3 MEDIUM]
Yokogawa FAST/TOOLS has a second web server vulnerability involving improper cryptographic handling that weakens the security of SCADA communications.
Yokogawa FAST/TOOLS SCADA has a vulnerability in its web server component enabling unauthorized access to the industrial control monitoring system.
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. [CVSS 6.1 MEDIUM]