CVE-2025-66599
📋 TL;DR
This vulnerability in Yokogawa's FAST/TOOLS software exposes physical file paths on web pages, potentially revealing sensitive system information. Attackers could leverage this information to plan further attacks against the system. Affected users include those running FAST/TOOLS packages RVSVRN, UNSVRN, HMIWEB, FTEES, or HMIMOB between versions R9.01 and R10.04.
💻 Affected Systems
- FAST/TOOLS RVSVRN
- FAST/TOOLS UNSVRN
- FAST/TOOLS HMIWEB
- FAST/TOOLS FTEES
- FAST/TOOLS HMIMOB
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers use exposed path information to identify and exploit other vulnerabilities, potentially gaining unauthorized access, executing arbitrary code, or compromising the industrial control system.
Likely Case
Attackers gather reconnaissance data about the system structure, which facilitates targeted attacks against specific components or helps bypass security controls.
If Mitigated
Information disclosure is limited to path data only, with no direct system compromise if proper network segmentation and access controls are implemented.
🎯 Exploit Status
The vulnerability involves information disclosure through web pages, which typically requires no authentication and minimal technical skill to observe.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: R10.04 or later (check vendor advisory for specific patch details)
Vendor Advisory: https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf
Restart Required: Yes
Instructions:
1. Review Yokogawa advisory YSAR-26-0001-E.
2. Apply vendor-provided patches or upgrade to R10.04+.
3. Restart affected FAST/TOOLS services.
4. Verify path disclosure is no longer present.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to FAST/TOOLS web interfaces to authorized users only
Web Application Firewall Rules
Configure WAF to block responses containing physical path information
🧯 If You Can't Patch
- Isolate FAST/TOOLS systems from untrusted networks using firewalls and network segmentation
- Implement strict access controls and monitor for unusual access patterns to web interfaces
🔍 How to Verify
Check if Vulnerable:
Access FAST/TOOLS web interfaces and check if physical file paths are visible in page content or error messages
Check Version:
Check FAST/TOOLS version through administrative interface or system documentation
Verify Fix Applied:
After patching, verify that physical paths are no longer displayed on web pages
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to web interfaces
- Multiple failed access attempts followed by successful connections
Network Indicators:
- External IP addresses accessing internal FAST/TOOLS web interfaces
- Unusual HTTP requests to path-related endpoints
SIEM Query:
source="fast_tools_web" AND (http_status=200 OR http_status=500) AND (content="C:\\" OR content="/var/" OR content="path:")
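As an added example (not part of this advisory and not Yokogawa tooling), the checker below applies the same detection logic as the SIEM query above, and the "Check if Vulnerable" / "Verify Fix Applied" steps, to captured HTTP responses: only 200 and 500 responses are inspected, and any body containing a physical file path is reported. The sample responses are constructed; the path patterns beyond `C:\`, `/var/` and `path:` (other drive letters, other POSIX roots) are an assumed generalization of the page's query.

```python
import re
from dataclasses import dataclass

# Patterns for physical file paths that should never appear in a served page.
# They mirror the page's SIEM query (C:\, /var/, "path:") and, as an assumption,
# extend it to any drive letter and to other common POSIX roots.
WINDOWS_PATH = re.compile(r"\b[A-Za-z]:\\(?:[^\\\s<>\"']+\\)*[^\\\s<>\"']*")
POSIX_PATH = re.compile(r"(?<![\w/])/(?:var|opt|etc|usr|home|srv|tmp)/[^\s<>\"']*")
PATH_LABEL = re.compile(r"\bpath:\s*\S+", re.IGNORECASE)


@dataclass
class Finding:
    url: str
    status: int
    match: str


def find_paths(body: str) -> list[str]:
    """Return every substring of *body* that looks like a physical file path."""
    hits = []
    for pattern in (WINDOWS_PATH, POSIX_PATH, PATH_LABEL):
        hits.extend(m.group(0) for m in pattern.finditer(body))
    return hits


def scan_responses(responses) -> list[Finding]:
    """Apply the page's rule: inspect 200 and 500 responses, flag leaked paths.

    *responses* is an iterable of (url, http_status, body) tuples, e.g. as
    exported from a proxy or from web-server logs that capture response bodies.
    """
    findings = []
    for url, status, body in responses:
        if status not in (200, 500):
            continue
        for hit in find_paths(body):
            findings.append(Finding(url, status, hit))
    return findings


# Constructed sample responses (hypothetical URLs and bodies, not real
# FAST/TOOLS output).  The 404 entry is deliberately outside the query's scope.
SAMPLE_RESPONSES = [
    ("/hmiweb/login", 200, "<html><body>Welcome</body></html>"),
    ("/hmiweb/report", 500, "Error: cannot open C:\\FastTools\\web\\report.xml"),
    ("/hmiweb/cfg", 200, "Loaded from /var/fasttools/config/site.cfg"),
    ("/hmiweb/dbg", 200, "path: D:\\FT\\HMIWEB\\temp"),
    ("/hmiweb/missing", 404, "Not found: C:\\leaked\\but\\ignored.txt"),
]

if __name__ == "__main__":
    # An empty result after patching is the "Verify Fix Applied" check.
    for f in scan_responses(SAMPLE_RESPONSES):
        print(f"{f.url} [{f.status}] -> {f.match}")
```

Run it before and after applying the vendor patch against the same set of captured responses: a non-empty finding list is the vulnerable condition, and the `path:` label and bare Windows path on the same page are reported separately so that a WAF rule written from either pattern can be checked on its own.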