Search criteria
18 vulnerabilities found for FAST/TOOLS by Yokogawa Electric Corporation
CVE-2025-66594 (GCVE-0-2025-66594)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:37 – Updated: 2026-02-09 19:05
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
Detailed messages are displayed on the error
page. This information could be exploited by an attacker for other attacks.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:04:02.805773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:05:33.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\u003cp\u003eDetailed messages are displayed on the error\npage. This information could be exploited by an attacker for other attacks.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\nDetailed messages are displayed on the error\npage. This information could be exploited by an attacker for other attacks.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:37:30.800Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66594",
"datePublished": "2026-02-09T03:37:30.800Z",
"dateReserved": "2025-12-05T05:04:18.581Z",
"dateUpdated": "2026-02-09T19:05:33.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66595 (GCVE-0-2025-66595)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:36 – Updated: 2026-02-09 19:05
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product is
vulnerable to Cross-Site Request Forgery (CSRF). When a user accesses a link
crafted by an attacker, the user’s account could be compromised.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:02:33.376319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:05:39.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product is\nvulnerable to Cross-Site Request Forgery (CSRF). When a user accesses a link\ncrafted by an attacker, the user\u2019s account could be compromised.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product is\nvulnerable to Cross-Site Request Forgery (CSRF). When a user accesses a link\ncrafted by an attacker, the user\u2019s account could be compromised.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:36:38.506Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66595",
"datePublished": "2026-02-09T03:36:38.506Z",
"dateReserved": "2025-12-05T05:04:18.582Z",
"dateUpdated": "2026-02-09T19:05:39.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66596 (GCVE-0-2025-66596)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:35 – Updated: 2026-02-09 19:05
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not
properly validate request headers. When an attacker inserts an invalid host
header, users could be redirected to malicious sites.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:04:04.739597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:05:44.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product does not\nproperly validate request headers. When an attacker inserts an invalid host\nheader, users could be redirected to malicious sites.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product does not\nproperly validate request headers. When an attacker inserts an invalid host\nheader, users could be redirected to malicious sites.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:35:28.896Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66596",
"datePublished": "2026-02-09T03:35:28.896Z",
"dateReserved": "2025-12-05T05:04:18.582Z",
"dateUpdated": "2026-02-09T19:05:44.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66597 (GCVE-0-2025-66597)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:31 – Updated: 2026-02-09 19:05
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product supports
weak cryptographic algorithms, potentially allowing an attacker to decrypt
communications with the web server.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:04:07.137754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:05:50.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product supports\nweak cryptographic algorithms, potentially allowing an attacker to decrypt\ncommunications with the web server.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product supports\nweak cryptographic algorithms, potentially allowing an attacker to decrypt\ncommunications with the web server.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:31:24.991Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66597",
"datePublished": "2026-02-09T03:31:24.991Z",
"dateReserved": "2025-12-05T05:04:18.582Z",
"dateUpdated": "2026-02-09T19:05:50.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66598 (GCVE-0-2025-66598)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:26 – Updated: 2026-02-09 19:05
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product supports
old SSL/TLS versions, potentially allowing an attacker to decrypt
communications with the web server.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:02:34.873870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:05:56.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product supports\nold SSL/TLS versions, potentially allowing an attacker to decrypt\ncommunications with the web server.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product supports\nold SSL/TLS versions, potentially allowing an attacker to decrypt\ncommunications with the web server.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:26:46.511Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66598",
"datePublished": "2026-02-09T03:26:46.511Z",
"dateReserved": "2025-12-05T05:04:18.582Z",
"dateUpdated": "2026-02-09T19:05:56.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66599 (GCVE-0-2025-66599)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:25 – Updated: 2026-02-09 19:06
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
Physical paths could
be displayed on web pages. This information could be exploited by an attacker
for other attacks.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:04:09.065524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:06:02.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003ePhysical paths could\nbe displayed on web pages. This information could be exploited by an attacker\nfor other attacks.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nPhysical paths could\nbe displayed on web pages. This information could be exploited by an attacker\nfor other attacks.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:25:39.213Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66599",
"datePublished": "2026-02-09T03:25:39.213Z",
"dateReserved": "2025-12-05T05:04:18.583Z",
"dateUpdated": "2026-02-09T19:06:02.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66600 (GCVE-0-2025-66600)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:24 – Updated: 2026-02-09 19:06
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product lacks
HSTS (HTTP Strict Transport Security) configuration. When an attacker performs
a Man in the middle (MITM) attack, communications with the web server could be
sniffed.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:04:10.750639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:06:08.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product lacks\nHSTS (HTTP Strict Transport Security) configuration. When an attacker performs\na Man in the middle (MITM) attack, communications with the web server could be\nsniffed.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product lacks\nHSTS (HTTP Strict Transport Security) configuration. When an attacker performs\na Man in the middle (MITM) attack, communications with the web server could be\nsniffed.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:24:33.044Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66600",
"datePublished": "2026-02-09T03:24:33.044Z",
"dateReserved": "2025-12-05T05:04:18.583Z",
"dateUpdated": "2026-02-09T19:06:08.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66601 (GCVE-0-2025-66601)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:17 – Updated: 2026-02-09 19:06
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not
specify MIME types. When an attacker performs a content sniffing attack,
malicious scripts could be executed.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:02:36.537093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:06:13.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product does not\nspecify MIME types. When an attacker performs a content sniffing attack,\nmalicious scripts could be executed.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product does not\nspecify MIME types. When an attacker performs a content sniffing attack,\nmalicious scripts could be executed.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:17:59.547Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66601",
"datePublished": "2026-02-09T03:17:59.547Z",
"dateReserved": "2025-12-05T05:04:18.583Z",
"dateUpdated": "2026-02-09T19:06:13.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66602 (GCVE-0-2025-66602)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:16 – Updated: 2026-02-09 19:06
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The web server accepts
access by IP address. When a worm that randomly searches for IP addresses
intrudes into the network, it could potentially be attacked by the worm.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:04:12.574305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:06:18.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThe web server accepts\naccess by IP address. When a worm that randomly searches for IP addresses\nintrudes into the network, it could potentially be attacked by the worm.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThe web server accepts\naccess by IP address. When a worm that randomly searches for IP addresses\nintrudes into the network, it could potentially be attacked by the worm.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-291",
"description": "CWE-291",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:16:47.620Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66602",
"datePublished": "2026-02-09T03:16:47.620Z",
"dateReserved": "2025-12-05T05:04:18.583Z",
"dateUpdated": "2026-02-09T19:06:18.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66603 (GCVE-0-2025-66603)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:15 – Updated: 2026-02-09 19:06
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The web server accepts
the OPTIONS method. An attacker could potentially use this information to carry
out other attacks.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:02:38.058046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:06:23.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThe web server accepts\nthe OPTIONS method. An attacker could potentially use this information to carry\nout other attacks.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThe web server accepts\nthe OPTIONS method. An attacker could potentially use this information to carry\nout other attacks.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:15:41.396Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66603",
"datePublished": "2026-02-09T03:15:41.396Z",
"dateReserved": "2025-12-05T05:04:18.583Z",
"dateUpdated": "2026-02-09T19:06:23.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66604 (GCVE-0-2025-66604)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:14 – Updated: 2026-02-09 19:06
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The library version
could be displayed on the web page. This information could be exploited by an
attacker for other attacks.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:02:40.022823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:06:28.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThe library version\ncould be displayed on the web page. This information could be exploited by an\nattacker for other attacks.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThe library version\ncould be displayed on the web page. This information could be exploited by an\nattacker for other attacks.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:14:10.253Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66604",
"datePublished": "2026-02-09T03:14:10.253Z",
"dateReserved": "2025-12-05T05:04:40.512Z",
"dateUpdated": "2026-02-09T19:06:28.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66605 (GCVE-0-2025-66605)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:13 – Updated: 2026-02-09 19:06
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
Since there are input
fields on this webpage with the autocomplete attribute enabled, the input
content could be saved in the browser the user is using.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66605",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:02:42.053005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:06:34.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eSince there are input\nfields on this webpage with the autocomplete attribute enabled, the input\ncontent could be saved in the browser the user is using.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nSince there are input\nfields on this webpage with the autocomplete attribute enabled, the input\ncontent could be saved in the browser the user is using.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:13:02.297Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66605",
"datePublished": "2026-02-09T03:13:02.297Z",
"dateReserved": "2025-12-05T05:04:40.514Z",
"dateUpdated": "2026-02-09T19:06:34.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66608 (GCVE-0-2025-66608)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:11 – Updated: 2026-02-09 19:06
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not
properly validate URLs. An attacker could send specially crafted requests to
steal files from the web server.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66608",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:04:14.451633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:06:39.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product does not\nproperly validate URLs. An attacker could send specially crafted requests to\nsteal files from the web server.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product does not\nproperly validate URLs. An attacker could send specially crafted requests to\nsteal files from the web server.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-29",
"description": "CWE-29",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:11:56.893Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66608",
"datePublished": "2026-02-09T03:11:56.893Z",
"dateReserved": "2025-12-05T05:04:40.516Z",
"dateUpdated": "2026-02-09T19:06:39.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66607 (GCVE-0-2025-66607)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:09 – Updated: 2026-02-09 19:06
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The response header
contains an insecure setting. Users could be redirected to malicious sites by
an attacker.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:02:44.079629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:06:45.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThe response header\ncontains an insecure setting. Users could be redirected to malicious sites by\nan attacker.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThe response header\ncontains an insecure setting. Users could be redirected to malicious sites by\nan attacker.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:09:05.605Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66607",
"datePublished": "2026-02-09T03:09:05.605Z",
"dateReserved": "2025-12-05T05:04:40.515Z",
"dateUpdated": "2026-02-09T19:06:45.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66606 (GCVE-0-2025-66606)
Vulnerability from cvelistv5 – Published: 2026-02-09 03:06 – Updated: 2026-02-09 19:06
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not
properly encode URLs. An attacker could tamper with web pages or execute
malicious scripts.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T19:02:46.397363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:06:50.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-02-09T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product does not\nproperly encode URLs. An attacker could tamper with web pages or execute\nmalicious scripts.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product does not\nproperly encode URLs. An attacker could tamper with web pages or execute\nmalicious scripts.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-86",
"description": "CWE-86",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T03:06:00.996Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-66606",
"datePublished": "2026-02-09T03:06:00.996Z",
"dateReserved": "2025-12-05T05:04:40.514Z",
"dateUpdated": "2026-02-09T19:06:50.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-4106 (GCVE-0-2024-4106)
Vulnerability from cvelistv5 – Published: 2024-06-26 05:30 – Updated: 2024-08-01 20:33
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product.
The affected products and versions are as follows:
FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
CI Server R1.01.00 to R1.03.00
Severity ?
5.3 (Medium)
CWE
- CWE-258 - Empty Password in Configuration File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:yokogawa_electric_corporation:fast_tools:r901:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fast_tools",
"vendor": "yokogawa_electric_corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "r901",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:yokogawa_electric_corporation:ci_server:r1.01.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ci_server",
"vendor": "yokogawa_electric_corporation",
"versions": [
{
"lessThanOrEqual": "R1.03.00",
"status": "affected",
"version": "r1.01.00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T13:07:16.655100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T13:16:08.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "CI Server",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R1.03.00",
"status": "affected",
"version": "R1.01.00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product.\u003cbr\u003eThe affected products and versions are as follows:\u003cbr\u003eFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\u003cbr\u003eCI Server R1.01.00 to R1.03.00"
}
],
"value": "A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product.\nThe affected products and versions are as follows:\nFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\nCI Server R1.01.00 to R1.03.00"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-258",
"description": "CWE-258 Empty Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T05:30:33.928Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2024-4106",
"datePublished": "2024-06-26T05:30:33.928Z",
"dateReserved": "2024-04-23T23:06:05.616Z",
"dateUpdated": "2024-08-01T20:33:52.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4105 (GCVE-0-2024-4105)
Vulnerability from cvelistv5 – Published: 2024-06-26 05:25 – Updated: 2024-08-01 20:33
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.
The affected products and versions are as follows:
FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
CI Server R1.01.00 to R1.03.00
Severity ?
5.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T17:29:58.387431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T17:30:23.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "CI Server",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R1.03.00",
"status": "affected",
"version": "R1.01.00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in FAST/TOOLS and CI Server. The affected product\u0027s WEB HMI server\u0027s function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.\u003cbr\u003eThe affected products and versions are as follows:\u003cbr\u003eFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\u003cbr\u003eCI Server R1.01.00 to R1.03.00"
}
],
"value": "A vulnerability has been found in FAST/TOOLS and CI Server. The affected product\u0027s WEB HMI server\u0027s function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.\nThe affected products and versions are as follows:\nFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\nCI Server R1.01.00 to R1.03.00"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T05:25:04.524Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2024-4105",
"datePublished": "2024-06-26T05:25:04.524Z",
"dateReserved": "2024-04-23T23:06:00.203Z",
"dateUpdated": "2024-08-01T20:33:52.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2014-000141
Vulnerability from jvndb - Published: 2014-11-28 14:54 - Updated:2014-12-10 10:16Summary
FAST/TOOLS vulnerable to improper restriction of XML external entity references
Details
FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity (XXE) references are not properly restricted (CWE-611).
Timur Yunusov, Alexey Osipov and Ilya Karpov of Positive Technologies reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000141.html",
"dc:date": "2014-12-10T10:16+09:00",
"dcterms:issued": "2014-11-28T14:54+09:00",
"dcterms:modified": "2014-12-10T10:16+09:00",
"description": "FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity (XXE) references are not properly restricted (CWE-611).\r\n\r\nTimur Yunusov, Alexey Osipov and Ilya Karpov of Positive Technologies reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000141.html",
"sec:cpe": {
"#text": "cpe:/a:yokogawa:scada_software_%28fast%2ftools%29",
"@product": "FAST/TOOLS",
"@vendor": "Yokogawa Electric Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.4",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:H/Au:S/C:P/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000141",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN54775800/index.html",
"@id": "JVN#54775800",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7251",
"@id": "CVE-2014-7251",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7251",
"@id": "CVE-2014-7251",
"@source": "NVD"
},
{
"#text": "https://ics-cert.us-cert.gov/advisories/ICSA-14-343-01",
"@id": "ICSA-14-343-01",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "FAST/TOOLS vulnerable to improper restriction of XML external entity references"
}