CVE-2025-66597
📋 TL;DR
Yokogawa FAST/TOOLS industrial control system software uses weak cryptographic algorithms, potentially allowing attackers to decrypt web server communications. This affects FAST/TOOLS packages RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB from versions R9.01 through R10.04.
💻 Affected Systems
- FAST/TOOLS RVSVRN
- FAST/TOOLS UNSVRN
- FAST/TOOLS HMIWEB
- FAST/TOOLS FTEES
- FAST/TOOLS HMIMOB
📦 What is this software?
FAST/TOOLS by Yokogawa
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of industrial control system communications leading to data theft, manipulation of industrial processes, or disruption of critical operations.
Likely Case
Interception and decryption of sensitive operational data, configuration information, or authentication credentials transmitted to/from the web server.
If Mitigated
Limited exposure if communications are isolated in air-gapped networks with strict access controls, though risk remains for any network-connected instances.
🎯 Exploit Status
Exploitation requires network access to intercept communications and cryptographic analysis capabilities to break weak algorithms.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: R10.04 with security update or later versions
Vendor Advisory: https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf
Restart Required: Yes
Instructions:
1. Download the security update from the Yokogawa support portal.
2. Apply the update to the affected FAST/TOOLS packages.
3. Restart the affected services.
4. Verify that the web server now negotiates only strong cryptographic algorithms.
🔧 Temporary Workarounds
Network Segmentation
Isolate FAST/TOOLS systems in dedicated network segments with strict firewall rules
Disable Web Server
Temporarily disable web server functionality if it is not required for operations
🧯 If You Can't Patch
- Implement network-level encryption (VPN/IPsec) for all FAST/TOOLS communications
- Deploy network monitoring and intrusion detection specifically for cryptographic attacks
🔍 How to Verify
Check if Vulnerable:
Check FAST/TOOLS version via system administration interface or configuration files. Verify if using weak cryptographic algorithms in web server configuration.
Check Version:
Check via FAST/TOOLS administration console or consult system documentation for version identification
Verify Fix Applied:
After patching, verify web server is using strong cryptographic algorithms (TLS 1.2+, strong ciphers) and test with SSL/TLS scanning tools.
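To make the "verify fix applied" step concrete, the following added example (written for this page, not code from Yokogawa or the advisory) connects to a FAST/TOOLS web server endpoint, records the TLS version and cipher the server actually negotiates, and flags legacy values. The hostname, port and the weak/strong thresholds are assumptions; the advisory itself does not name specific algorithms.

```python
import socket
import ssl

# Protocol versions and cipher-name fragments treated as weak by this check.
# These thresholds are the editor's assumptions, not values from the Yokogawa advisory.
WEAK_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "MD5", "ADH", "AECDH")


def assess(tls_version, cipher_name):
    """Return a list of findings for a negotiated (version, cipher) pair; empty means acceptable."""
    findings = []
    if tls_version in WEAK_VERSIONS:
        findings.append(f"weak protocol {tls_version}")
    upper = cipher_name.upper()
    for marker in WEAK_CIPHER_MARKERS:
        if marker in upper:
            findings.append(f"weak cipher component {marker} in {cipher_name}")
            break
    return findings


def probe(host, port=443, timeout=5.0):
    """Connect to the web server and report what it negotiates.

    Certificate validation is disabled on purpose: the goal is to observe the server's
    choice of protocol and cipher, not to trust it. Do not reuse this context for real traffic.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Offer every version and suite the local OpenSSL still supports, so a server that
    # prefers legacy parameters is free to select them and the weakness becomes visible.
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.set_ciphers("ALL:@SECLEVEL=0")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            version = tls.version()
            cipher_name, _protocol, _bits = tls.cipher()
            return version, cipher_name, assess(version, cipher_name)


if __name__ == "__main__":
    # Placeholder target; replace with the FAST/TOOLS HMIWEB host under review.
    version, cipher_name, findings = probe("fasttools-hmiweb.example.invalid", 443)
    print(version, cipher_name, findings or "no weak parameters negotiated")
```

Run it once before and once after applying the update; a post-patch server should negotiate TLS 1.2 or 1.3 with an empty findings list.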
📡 Detection & Monitoring
Log Indicators:
- Unusual network traffic patterns to/from FAST/TOOLS web servers
- Failed cryptographic handshake attempts
- Unexpected connection attempts to web server ports
Network Indicators:
- Intercepted or decrypted FAST/TOOLS communications
- SSL/TLS downgrade attacks targeting web server
SIEM Query:
source_ip IN (FAST/TOOLS_servers) AND ((protocol="TLS" AND tls_version<1.2) OR event_type="cryptographic_failure")