CVE-2025-66603
📋 TL;DR
The OPTIONS method vulnerability in Yokogawa FAST/TOOLS web servers exposes HTTP method information that could aid attackers in reconnaissance and subsequent attacks. This affects industrial control system operators using FAST/TOOLS packages RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB from versions R9.01 to R10.04.
💻 Affected Systems
- FAST/TOOLS RVSVRN
- FAST/TOOLS UNSVRN
- FAST/TOOLS HMIWEB
- FAST/TOOLS FTEES
- FAST/TOOLS HMIMOB
📦 What is this software?
FAST/TOOLS by Yokogawa
⚠️ Risk & Real-World Impact
Worst Case
Attackers use exposed HTTP method information to identify vulnerable endpoints and launch successful attacks like cross-site tracing, authentication bypass, or data exfiltration.
Likely Case
Attackers gather reconnaissance data about server configuration and available methods to plan targeted attacks against the industrial control system.
If Mitigated
Limited information disclosure with no direct path to compromise if proper network segmentation and access controls are implemented.
🎯 Exploit Status
OPTIONS method exploitation typically requires additional vulnerabilities to achieve full compromise, but reconnaissance is trivial.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: R10.04 with security update or later versions
Vendor Advisory: https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf
Restart Required: Yes
Instructions:
1. Download the security update from the Yokogawa support portal.
2. Apply the update following the vendor documentation.
3. Restart the affected FAST/TOOLS services.
4. Verify that the OPTIONS method no longer returns sensitive information.
🔧 Temporary Workarounds
Web Server Configuration Hardening
Configure the web server to restrict or disable OPTIONS method responses
Specific configuration depends on the underlying web server technology (not specified in the advisory)
Web Application Firewall Rules
Block or sanitize OPTIONS method requests at the network perimeter
WAF-specific rules to block OPTIONS requests or filter their responses
🧯 If You Can't Patch
- Implement strict network segmentation to isolate FAST/TOOLS systems from untrusted networks
- Deploy web application firewall with rules to block or monitor OPTIONS method requests
🔍 How to Verify
Check if Vulnerable:
Send an OPTIONS HTTP request to the FAST/TOOLS web server and check whether the response headers (typically the Allow header) list the supported methods: curl -i -X OPTIONS http://target-ip/
Check Version:
Check FAST/TOOLS version through administrative interface or system documentation
Verify Fix Applied:
After patching, OPTIONS request should return minimal information or be blocked entirely
📡 Detection & Monitoring
Log Indicators:
- HTTP OPTIONS requests in web server logs
- Unusual reconnaissance activity patterns
Network Indicators:
- OPTIONS method requests to industrial control system web interfaces
- Repeated HTTP method probing
SIEM Query:
source="web_server" AND method="OPTIONS" AND dest_ip="FAST/TOOLS_IP"
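An added example (not part of the advisory or of any Yokogawa tooling) covering both the "Verify Fix Applied" step and the log indicators above: one helper parses a captured OPTIONS response for the methods it discloses, and two helpers run the OPTIONS-request and repeated-probing indicators over web server log lines. It assumes the web server writes Apache/nginx "combined" log format; the log lines and response are constructed samples, not data from a real FAST/TOOLS host.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format (assumption: adjust to the log layout
# actually produced by the FAST/TOOLS web server).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (hypothetical hosts, not from a real system).
SAMPLE_LOG = """\
10.0.5.23 - - [10/Jan/2026:08:01:10 +0000] "GET /hmiweb/ HTTP/1.1" 200 5120
10.0.9.77 - - [10/Jan/2026:08:02:01 +0000] "OPTIONS / HTTP/1.1" 200 0
10.0.9.77 - - [10/Jan/2026:08:02:02 +0000] "OPTIONS /hmiweb/ HTTP/1.1" 200 0
10.0.9.77 - - [10/Jan/2026:08:02:03 +0000] "OPTIONS /ftees/ HTTP/1.1" 200 0
10.0.5.23 - - [10/Jan/2026:08:03:44 +0000] "OPTIONS / HTTP/1.1" 200 0
10.0.5.23 - - [10/Jan/2026:08:04:00 +0000] "POST /hmiweb/login HTTP/1.1" 302 0
"""


def disclosed_methods(raw_response):
    """Methods listed in the Allow header of a captured OPTIONS response.

    An empty list means the server disclosed nothing (e.g. 405 with no Allow
    header), which is the state expected after the fix is applied.
    """
    for line in raw_response.split("\r\n"):
        if line.lower().startswith("allow:"):
            return sorted(m.strip() for m in line.split(":", 1)[1].split(","))
    return []


def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def options_requests(log_text):
    """Log indicator: every parsed entry whose method is OPTIONS."""
    entries = (parse_line(l) for l in log_text.splitlines())
    return [e for e in entries if e and e["method"] == "OPTIONS"]


def probing_sources(log_text, threshold=3):
    """Network indicator: sources issuing >= threshold OPTIONS requests."""
    counts = Counter(e["src"] for e in options_requests(log_text))
    return {src: n for src, n in counts.items() if n >= threshold}
```

On the sample data, four OPTIONS requests are found and 10.0.9.77 is flagged as repeatedly probing; run the helpers against a real log export and a response captured with curl -i to apply the same checks.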