CVE-2025-66600
📋 TL;DR
FAST/TOOLS industrial control system software does not send an HTTP Strict Transport Security (HSTS) header on its web interfaces, so browsers are never instructed to use HTTPS only. An attacker positioned on the network path between an operator's browser and the server can keep the session on plain HTTP and read or modify web traffic (a man-in-the-middle, MITM, attack). This affects Yokogawa FAST/TOOLS packages RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB from R9.01 to R10.04.
💻 Affected Systems
- FAST/TOOLS RVSVRN
- FAST/TOOLS UNSVRN
- FAST/TOOLS HMIWEB
- FAST/TOOLS FTEES
- FAST/TOOLS HMIMOB
⚠️ Manual Verification Required
This site's automated checker has no version range recorded for this CVE, so it cannot decide for you whether a given installation is affected.
Why? The database entry carries no machine-readable version range. Use the range given in the TL;DR (R9.01 to R10.04) and the vendor advisory below to confirm your exposure manually.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers intercept sensitive industrial control data, credentials, or manipulate control commands leading to operational disruption or safety incidents.
Likely Case
Credential theft and session hijacking allowing unauthorized access to control systems.
If Mitigated
Limited impact where FAST/TOOLS web interfaces are reachable only from segmented, monitored networks, but any remaining plain-HTTP session is still readable and modifiable by anyone on the path.
🎯 Exploit Status
No authentication to FAST/TOOLS is needed. An attacker who can place themselves on the network path between an operator's browser and the server (standard MITM techniques) can hold a browser that starts on http:// on plain HTTP, because without HSTS the browser never learns that the site must be reached over HTTPS.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: R10.05 or later
Vendor Advisory: https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf
Restart Required: Yes
Instructions:
1. Upgrade to FAST/TOOLS R10.05 or later.
2. Apply vendor patches.
3. Restart affected services.
🔧 Temporary Workarounds
Configure HSTS Headers
Manually configure HSTS headers in the web server configuration to enforce HTTPS.
Add 'Strict-Transport-Security: max-age=31536000; includeSubDomains' to the HTTP response headers. Browsers honour this header only when it arrives over HTTPS and ignore it on plain-HTTP responses, so the server must also redirect every http:// request to https:// and the header must be present on the HTTPS response. A browser that has never completed an HTTPS visit (or whose cached max-age has expired) stays exposed to downgrade until it does.
Network Segmentation
Isolate FAST/TOOLS systems from untrusted networks.
🧯 If You Can't Patch
- Block plain HTTP (normally TCP/80) to FAST/TOOLS web interfaces at the network boundary, or front them with a reverse proxy that terminates TLS, redirects http:// to https:// and adds the HSTS header; monitor for any cleartext traffic that still reaches them
- Use VPN or dedicated secure channels for all FAST/TOOLS communications
🔍 How to Verify
Check if Vulnerable:
Check the HTTPS response for the 'Strict-Transport-Security' header. Browsers ignore HSTS on plain HTTP, so querying http:// says nothing about the policy: curl -skI https://fasttools-server/ | grep -i strict-transport-security. Then confirm that plain HTTP is redirected: curl -sI http://fasttools-server/ should answer 301 or 308 with an https:// Location. The -k flag skips certificate validation for self-signed certificates; drop it once the certificate chain is trusted.
Check Version:
Check FAST/TOOLS version in system administration interface or configuration files.
Verify Fix Applied:
Verify that the 'Strict-Transport-Security' header is present on HTTPS responses (with a max-age of at least one year, as in the workaround above) and that http:// requests are redirected to https:// after the patch or configuration change.
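The checks above, and the checks for the HSTS workaround, as an added Python example (not Yokogawa's code and not from the original page). It fetches the HTTPS and plain-HTTP responses without following redirects, parses the HSTS directives and reports anything weaker than the policy recommended above. The host name fasttools-server is a placeholder; the max-age threshold and the includeSubDomains requirement are taken from the workaround on this page, and certificate validation is disabled only for the self-signed certificates typical of ICS hosts.

```python
"""Added example (not Yokogawa's code and not from the original page):
check whether a FAST/TOOLS web interface sends a usable HSTS policy over
HTTPS and whether plain HTTP is redirected to HTTPS. The host name
"fasttools-server" is a placeholder; the thresholds are the ones given in
the workaround above (max-age of one year, includeSubDomains)."""
import http.client
import ssl
import sys

ONE_YEAR = 31536000  # seconds, the max-age used in the workaround above


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 directive syntax)."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"')
        if name == "max-age" and val.isdigit():
            policy["max_age"] = int(val)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def assess_hsts(headers):
    """Return a list of findings for the headers of an HTTPS response.

    An empty list means the policy matches the workaround on this page.
    Header names are matched case-insensitively.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        return ["missing Strict-Transport-Security header"]
    policy = parse_hsts(value)
    findings = []
    if policy["max_age"] is None:
        findings.append("max-age directive missing or malformed")
    elif policy["max_age"] == 0:
        findings.append("max-age=0 tells browsers to forget the policy")
    elif policy["max_age"] < ONE_YEAR:
        findings.append("max-age %d is shorter than one year" % policy["max_age"])
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains not set")
    return findings


def assess_http_redirect(status, headers):
    """Plain HTTP must redirect to an https:// URL; otherwise a browser that
    starts on http:// never receives the HSTS header and stays exposed."""
    lowered = {k.lower(): v for k, v in headers.items()}
    location = lowered.get("location", "")
    if status in (301, 302, 307, 308) and location.lower().startswith("https://"):
        return []
    return ["plain HTTP returned %d without an https:// redirect" % status]


def fetch_head(host, scheme, path="/", verify_tls=True):
    """HEAD request that does not follow redirects; returns (status, headers)."""
    if scheme == "https":
        ctx = ssl.create_default_context()
        if not verify_tls:  # ICS hosts often run self-signed certificates
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(host, timeout=10, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, timeout=10)
    conn.request("HEAD", path)
    resp = conn.getresponse()
    headers = dict(resp.getheaders())
    conn.close()
    return resp.status, headers


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "fasttools-server"  # placeholder
    status, hdrs = fetch_head(target, "https", verify_tls=False)
    for f in assess_hsts(hdrs) or ["HSTS policy OK on https://%s/" % target]:
        print("[https]", f)
    status, hdrs = fetch_head(target, "http")
    for f in assess_http_redirect(status, hdrs) or ["HTTP redirects to HTTPS"]:
        print("[http] ", f)
```

Run it as `python3 check_hsts.py <host>`; an empty findings list from both assessment functions corresponds to the "fix applied" state described above. The redirect check is deliberately separate from the header check, because a server can send a perfect HSTS header over HTTPS and still serve the interface in cleartext to any browser that starts on http://.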
📡 Detection & Monitoring
Log Indicators:
- Plain-HTTP requests to FAST/TOOLS web interfaces that are answered with content rather than a redirect to HTTPS
- Clients that switch from HTTPS to plain HTTP within a session, or plain-HTTP requests that carry session cookies or credentials (the signature of SSL stripping)
Network Indicators:
- Cleartext HTTP traffic to FAST/TOOLS web interfaces (normally TCP/80)
- SSL stripping attempts: a host on the operator network relaying HTTPS to the server while speaking plain HTTP to browsers, typically preceded by ARP spoofing or rogue-gateway activity
SIEM Query (pseudo-query; source, protocol and status are placeholder field names to map onto your proxy or web-server log source):
source="fasttools_web" AND protocol="HTTP" AND NOT status IN (301, 302, 307, 308)
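The detection logic above, run over a few constructed access-log lines, as an added Python example (not from the page or from Yokogawa). It flags plain-HTTP requests that were served rather than redirected, cleartext requests carrying a session cookie, and clients that drop from HTTPS to HTTP, the simplest SSL-stripping indicator. The log format, client addresses and paths are constructed for the example; map the regular expression onto your own proxy or web-server log format.

```python
"""Added example (not from the page or from Yokogawa): scan reverse-proxy
access log lines for cleartext HTTP to the FAST/TOOLS web interface and for
clients that drop from HTTPS to HTTP, a simple SSL-stripping indicator.
The log format, client addresses and paths below are constructed."""
import re
from collections import Counter

# Constructed sample lines. Assumed format:
#   time client scheme "METHOD path" status cookie_present(0/1)
SAMPLE_LOG = """\
2025-12-01T08:00:01Z 10.1.5.20 https "GET /" 200 0
2025-12-01T08:00:02Z 10.1.5.20 https "POST /login" 302 1
2025-12-01T08:05:10Z 10.1.5.20 http "GET /" 200 1
2025-12-01T08:06:00Z 10.1.5.31 http "GET /" 301 0
2025-12-01T08:07:00Z 10.1.5.42 http "GET /" 200 0
"""

LINE_RE = re.compile(
    r'^(?P<time>\S+) (?P<client>\S+) (?P<scheme>https?) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3}) (?P<cookie>[01])$'
)
REDIRECT_CODES = {301, 302, 307, 308}  # the expected answer on plain HTTP


def parse_line(line):
    """Return a dict for a well-formed line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["status"] = int(ev["status"])
    ev["cookie"] = ev["cookie"] == "1"
    return ev


def detect(log_text):
    """Return (client, indicator, path) tuples for suspicious plain-HTTP events."""
    findings = []
    seen_https = set()  # clients that have already spoken HTTPS to this host
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["scheme"] == "https":
            seen_https.add(ev["client"])
            continue
        if ev["status"] in REDIRECT_CODES:
            continue  # plain HTTP bounced to HTTPS: the mitigated behaviour
        findings.append((ev["client"], "cleartext HTTP served", ev["path"]))
        if ev["cookie"]:
            findings.append((ev["client"], "session cookie sent in cleartext", ev["path"]))
        if ev["client"] in seen_https:
            findings.append((ev["client"],
                             "downgrade from HTTPS to HTTP (possible SSL stripping)",
                             ev["path"]))
    return findings


def summarize(findings):
    """Count indicators per client, the shape a SIEM dashboard would want."""
    return Counter((client, indicator) for client, indicator, _ in findings)


if __name__ == "__main__":
    for (client, indicator), n in sorted(summarize(detect(SAMPLE_LOG)).items()):
        print("%-12s %2d  %s" % (client, n, indicator))
```

In the sample, 10.1.5.31 produces no finding because its plain-HTTP request was redirected (status 301), while 10.1.5.20 triggers all three indicators: it authenticated over HTTPS and minutes later sent its session cookie over plain HTTP. Seeing that pattern from an operator workstation is the point at which to look for a MITM host on the segment rather than a misconfigured browser.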