Summary
Successful exploitation of these vulnerabilities could allow an attacker to redirect users to malicious sites, decrypt communications, perform a man-in-the-middle (MITM) attack, execute malicious scripts, steal files, and perform various other attacks.
The following versions of Yokogawa FAST/TOOLS are affected:
- FAST/TOOLS >=R9.01|<=R10.04 (CVE-2025-66594, CVE-2025-66595, CVE-2025-66597, CVE-2025-66598, CVE-2025-66599, CVE-2025-66600, CVE-2025-66601, CVE-2025-66602, CVE-2025-66603, CVE-2025-66604, CVE-2025-66605, CVE-2025-66606, CVE-2025-66607, CVE-2025-66608)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 8.2 | Yokogawa | Yokogawa FAST/TOOLS | Generation of Error Message Containing Sensitive Information, Cross-Site Request Forgery (CSRF), Use of a Broken or Risky Cryptographic Algorithm, Exposure of Sensitive System Information to an Unauthorized Control Sphere, Improperly Implemented Security Check for Standard, Reliance on IP Address for Authentication, Cleartext Transmission of Sensitive Information, Exposure of Private Personal Information to an Unauthorized Actor, Improper Neutralization of Invalid Characters in Identifiers in Web Pages, Path Traversal: ‘\..\filename’ |
Background
- Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Japan
Vulnerabilities
CVE-2025-66594
Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks.
Affected Products
- Equipment: Yokogawa FAST/TOOLS
- Vendor: Yokogawa
- Version: Yokogawa FAST/TOOLS: >=R9.01|<=R10.04
- Status: known_affected
Remediations
Mitigation
Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.
Mitigation
Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.
Mitigation
For questions related to this report, please contact Yokogawa: https://contact.yokogawa.com/cs/gw?c-id=000498
Relevant CWE: CWE-209 Generation of Error Message Containing Sensitive Information
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
CVE-2025-66595
This product is vulnerable to cross-site request forgery (CSRF). When a user accesses a link crafted by an attacker, the user’s account could be compromised.
Affected Products
Yokogawa FAST/TOOLS
Yo
[…]