CVE-2025-66594
📋 TL;DR
This vulnerability in Yokogawa's FAST/TOOLS software exposes detailed error messages that could reveal sensitive system information. Attackers could leverage this information to plan further attacks against industrial control systems. Organizations using FAST/TOOLS packages RVSVRN, UNSVRN, HMIWEB, FTEES, or HMIMOB between versions R9.01 and R10.04 are affected.
💻 Affected Systems
- FAST/TOOLS RVSVRN
- FAST/TOOLS UNSVRN
- FAST/TOOLS HMIWEB
- FAST/TOOLS FTEES
- FAST/TOOLS HMIMOB
📦 What is this software?
FAST/TOOLS by Yokogawa
⚠️ Risk & Real-World Impact
Worst Case
Attackers use exposed error information to identify system weaknesses, leading to full system compromise, operational disruption, or data exfiltration from industrial control environments.
Likely Case
Information disclosure helps attackers map system architecture, identify software versions, and plan targeted attacks against specific components.
If Mitigated
Limited information exposure with no direct system access, though reconnaissance value remains for determined attackers.
🎯 Exploit Status
Exploitation requires triggering error conditions to view detailed messages, which is typically straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: R10.04 or later (check vendor advisory for specific patch versions)
Vendor Advisory: https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf
Restart Required: Yes
Instructions:
1. Review vendor advisory YSAR-26-0001-E.
2. Apply vendor-provided patches or upgrade to fixed versions.
3. Restart affected services as required.
🔧 Temporary Workarounds
Disable Detailed Error Messages
Configure FAST/TOOLS to show generic error messages instead of detailed system information
Configuration steps would be specific to each FAST/TOOLS component - refer to vendor documentation
Network Segmentation
Restrict access to FAST/TOOLS interfaces to authorized users only
Implement firewall rules to limit access to FAST/TOOLS ports
🧯 If You Can't Patch
- Implement strict network access controls to limit who can access FAST/TOOLS interfaces
- Monitor error logs for unusual patterns that might indicate reconnaissance attempts
🔍 How to Verify
Check if Vulnerable:
Check the FAST/TOOLS version against the affected range R9.01 to R10.04 and confirm whether detailed error messages are displayed
Check Version:
Check version through FAST/TOOLS administration interface or configuration files
Verify Fix Applied:
After patching, trigger error conditions and verify only generic messages appear
📡 Detection & Monitoring
Log Indicators:
- Multiple error page accesses from a single IP
- Error logs showing detailed system information being accessed
Network Indicators:
- Unusual traffic patterns to error pages
- Repeated requests designed to trigger errors
SIEM Query:
source="fast_tools" AND (message="*detailed error*" OR status=500) | stats count by src_ip
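The same detection logic as the SIEM query above, implemented over a few constructed log lines so it can be tested offline. This is an added example, not code from Yokogawa or from this advisory; the log line format (`src_ip=... status=... message="..."`) is an assumption, since the page does not describe the real FAST/TOOLS log layout.

```python
import re
from collections import Counter

# Assumed log format (constructed for this example; the real FAST/TOOLS
# format is not given on the page): "<ts> src_ip=<ip> status=<code> message=<text>"
LINE_RE = re.compile(
    r'src_ip=(?P<ip>\S+)\s+status=(?P<status>\d+)\s+message="(?P<msg>[^"]*)"'
)

# Constructed sample lines covering the two log indicators named above:
# HTTP 500 responses and messages carrying detailed error text.
SAMPLE_LOGS = """\
2025-01-10T08:00:01Z src_ip=10.0.0.5 status=200 message="login ok"
2025-01-10T08:00:02Z src_ip=10.0.0.9 status=500 message="detailed error: internal exception text"
2025-01-10T08:00:03Z src_ip=10.0.0.9 status=500 message="detailed error: internal exception text"
2025-01-10T08:00:04Z src_ip=10.0.0.9 status=404 message="not found"
2025-01-10T08:00:05Z src_ip=10.0.0.9 status=200 message="Detailed Error page served"
2025-01-10T08:00:06Z src_ip=10.0.0.5 status=500 message="detailed error: internal exception text"
this line is malformed and must be skipped, not crash the parser
"""


def is_error_disclosure(status, msg):
    """Mirror the SIEM predicate: message contains 'detailed error' OR status == 500."""
    return status == 500 or "detailed error" in msg.lower()


def count_error_hits(log_text):
    """Count matching events per source IP (the 'stats count by src_ip' step)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # malformed or unrelated lines are ignored rather than raising
        if is_error_disclosure(int(m.group("status")), m.group("msg")):
            hits[m.group("ip")] += 1
    return hits


def flag_sources(log_text, threshold=3):
    """Return source IPs at or above the threshold: repeated error-page access from one host."""
    return sorted(ip for ip, n in count_error_hits(log_text).items() if n >= threshold)
```

Tune `threshold` to the normal error rate of your deployment; a single 500 from an operator workstation is noise, while dozens from one address in a short window match the reconnaissance pattern this advisory describes.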