CVE-2025-66604

5.3 MEDIUM

📋 TL;DR

FAST/TOOLS, Yokogawa's industrial control system (SCADA) software, exposes the version numbers of the libraries it uses on its web pages. An attacker who can reach the web interface can read those versions without authenticating and use them to look up known vulnerabilities in the exact library releases deployed, turning blind probing into targeted attacks on the control system. The affected packages are RVSVRN, UNSVRN, HMIWEB, FTEES and HMIMOB, versions R9.01 through R10.04.

💻 Affected Systems

Products:
  • FAST/TOOLS RVSVRN
  • FAST/TOOLS UNSVRN
  • FAST/TOOLS HMIWEB
  • FAST/TOOLS FTEES
  • FAST/TOOLS HMIMOB
Versions: R9.01 to R10.04
Operating Systems: Not specified in advisory
Default Config Vulnerable: ⚠️ Yes
Notes: Multiple FAST/TOOLS packages are affected. The vulnerability appears to be present in default configurations where web interfaces are enabled.

📦 What is this software?

FAST/TOOLS is Yokogawa's SCADA / real-time operations management platform used to supervise and control industrial processes. The affected packages listed above are its server and web/mobile HMI components; the web-facing ones (HMIWEB and HMIMOB in particular) are the surfaces on which the library version strings are rendered.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker reads the exposed library versions, matches them against published vulnerabilities for those exact releases, and uses one of those (not this CVE on its own) to compromise the host, steal process data, or disrupt industrial operations.

🟠

Likely Case

An attacker uses the version strings as reconnaissance, narrowing the set of exploits to try and chaining this disclosure with a separate vulnerability for privilege escalation or system access.

🟢

If Mitigated

With the web interfaces restricted to the engineering and operations networks, the disclosure still exists but is only readable by hosts that already have network access to the HMI; there is no direct system compromise from this CVE alone.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

This is plain information disclosure via the web interface: loading the affected pages is enough, and no authentication appears to be required to see the version information. No exploit code is needed, which is why the complexity is rated LOW.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: R10.04 with the vendor security update applied (note that R10.04 without the update falls inside the affected range R9.01 to R10.04; confirm the exact fixed build against the vendor advisory)

Vendor Advisory: https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf

Restart Required: Yes

Instructions:

1. Download the security update from Yokogawa's support portal.
2. Apply the update to all affected FAST/TOOLS components (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB).
3. Restart the affected services.
4. Verify the fix by checking that library version information is no longer exposed on web pages.

🔧 Temporary Workarounds

Web Interface Access Restriction

Applies to: all affected versions

Restrict access to FAST/TOOLS web interfaces using network segmentation and firewall rules, so that only engineering and operations hosts can reach the HMI web ports.

Web Server Configuration

Applies to: all affected versions

Modify the web server configuration to suppress version-bearing response headers (such as Server and X-Powered-By) and to replace default error pages. Note the limit of this workaround: the advisory describes version information on the web pages themselves, and header suppression does not remove version strings embedded in page bodies (for example library asset paths or page footers); only the vendor update addresses those.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate FAST/TOOLS systems from untrusted networks
  • Deploy a web application firewall (WAF) in front of the FAST/TOOLS web interfaces to filter and monitor traffic; a WAF can block scanner traffic and, if it supports response rewriting, strip version strings, but it does not fix the underlying disclosure

🔍 How to Verify

Check if Vulnerable:

Access the FAST/TOOLS web interfaces (unauthenticated, from a host that can reach them) and inspect both the HTTP response headers (Server, X-Powered-By and similar) and the page content (script and stylesheet paths, meta tags, footers) for library version numbers

Check Version:

Check FAST/TOOLS version through system administration interface or configuration files

Verify Fix Applied:

After patching, verify that library version information is no longer exposed on web pages or in HTTP responses
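The check described above and the post-patch verification can be automated with the same logic. The script below is an added example for this page, not Yokogawa code: it scans one HTTP response for version strings in headers and in the HTML body and reports where each was found. The header names, HTML patterns and the sample response are assumptions, since the advisory does not say which library or which page carries the version information.

```python
"""Report library/framework version disclosure in an HTTP response.

Added example, not Yokogawa code. The header names, body patterns and the
sample response below are assumptions: the advisory only states that library
version information appears on FAST/TOOLS web pages.
"""
import re
import urllib.request

# Response headers that commonly carry a product or library version.
VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# Dotted version number such as 2.4.41, 3.5.1 or v2.0.1.
_VER = r"v?\d+(?:\.\d+)+"

BODY_PATTERNS = {
    # <script src="/js/jquery-3.5.1.min.js">  or  href="/css/app.css?v=2.0.1"
    "asset-path": re.compile(r"""(?:src|href)=["']([^"']*?(?:%s)[^"']*)["']""" % _VER, re.I),
    # <meta name="generator" content="SomeLib 3.2.0">
    "meta-generator": re.compile(r"""<meta[^>]+name=["']generator["'][^>]+content=["']([^"']+)["']""", re.I),
}
# Visible text such as "ChartLib 4.2.0" or "Library Version 1.8.2" (tags stripped first).
VISIBLE_TEXT = re.compile(r"\b([A-Z][\w./-]*\s+(?:[Vv]ersion\s+)?%s)\b" % _VER)


def find_version_disclosures(headers, body):
    """Return a list of (where, evidence) pairs for every version string found."""
    findings = []
    for key, value in headers.items():
        if key.lower() in VERSION_HEADERS and re.search(_VER, value):
            findings.append((f"header:{key}", value))
    for label, pattern in BODY_PATTERNS.items():
        for match in pattern.finditer(body):
            findings.append((f"body:{label}", match.group(1)))
    text_only = re.sub(r"<[^>]+>", " ", body)  # drop tags so asset paths are not re-reported
    for match in VISIBLE_TEXT.finditer(text_only):
        findings.append(("body:visible-text", match.group(1)))
    return findings


def check_url(url, timeout=5):
    """Fetch one page and scan it. Only run against systems you are authorized to test."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        headers = dict(resp.headers.items())
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, "replace")
    return find_version_disclosures(headers, body)


# Constructed sample response (not captured from a real FAST/TOOLS host).
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.41 (Win64)",
    "Content-Type": "text/html",
    "X-Powered-By": "ASP.NET",  # names the stack but carries no version, so it is not reported
}
SAMPLE_BODY = """<html><head>
<meta name="generator" content="WebHMI Builder 3.2.0">
<script src="/js/jquery-3.5.1.min.js"></script>
<link rel="stylesheet" href="/css/app.css?v=2.0.1">
<link rel="stylesheet" href="/css/base.css">
</head><body><p>Powered by ChartLib 4.2.0</p></body></html>"""

if __name__ == "__main__":
    for where, evidence in find_version_disclosures(SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"{where:24s} {evidence}")
```

Run it against the sample to see the five findings it produces; after patching, run `check_url()` against each affected HMI page and treat any `body:` finding as the fix not being fully applied. The heuristics deliberately over-report (a date like 12.03.2025 in a footer will match), so review each hit rather than counting them.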

📡 Detection & Monitoring

Log Indicators:

  • A single source walking many distinct URIs on the FAST/TOOLS web interface in a short window, especially with a high share of 404 responses
  • Requests from hosts outside the engineering or operations network segments that are expected to reach the HMI

Network Indicators:

  • Port scans or unexpected connections to the FAST/TOOLS web ports (typically 80 and 443, or the site-specific ports the HMI is configured on)
  • HTTP requests with scanner user agents, or repeated unauthenticated fetches of the pages that carry the version strings

SIEM Query:

Pseudo-syntax, to be adapted to your SIEM. Scope it to the FAST/TOOLS hosts rather than all traffic (a `source_ip="*"` filter matches everything and adds nothing), and expect false positives from the `version`/`info` URI substrings, which also occur in legitimate HMI pages:

dest_host IN ([FAST/TOOLS_HOSTS]) AND dest_port IN (80, 443, [FAST/TOOLS_PORTS]) AND (http_user_agent CONTAINS "scanner" OR http_uri CONTAINS "version" OR http_uri CONTAINS "info")
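The log indicators above are easier to judge when run as actual detection logic over access logs. The script below is an added example for this page, not a FAST/TOOLS or vendor tool: it parses combined-format web server log lines, groups them by source, and flags scanner user agents, bursts of distinct URIs within a window, and a high 404 ratio. The log lines are constructed for the example; the thresholds, host addresses and the "ExampleScanner" user agent are assumptions, and the real FAST/TOOLS log format may differ.

```python
"""Flag reconnaissance against a web interface from combined-format access logs.

Added example, not Yokogawa code. The sample log, thresholds and addresses are
constructed; adapt the parser if your FAST/TOOLS web server logs differently.
"""
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta, timezone

Req = namedtuple("Req", "src ts method path status ua")

# Combined Log Format: host ident user [time] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$'
)
# Substrings of well-known scanner user agents; "scanner" is the page's own indicator.
SCANNER_UA_WORDS = ("scanner", "nikto", "nmap", "sqlmap", "masscan")


def parse_line(line):
    """Parse one access-log line into a Req, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, ts, method, path, status, ua = m.groups()
    return Req(src, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path, int(status), ua)


def detect_recon(lines, window=60, distinct_uri_threshold=15, error_ratio=0.5, min_requests=10):
    """Return [(source_ip, [reasons])] for sources that look like reconnaissance."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_src[rec.src].append(rec)

    alerts = []
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r.ts)
        reasons = []
        if any(w in r.ua.lower() for r in recs for w in SCANNER_UA_WORDS):
            reasons.append("scanner user-agent")
        # Sliding window: peak number of distinct paths requested within `window` seconds.
        peak, start = 0, 0
        for end in range(len(recs)):
            while (recs[end].ts - recs[start].ts) > timedelta(seconds=window):
                start += 1
            peak = max(peak, len({r.path for r in recs[start:end + 1]}))
        if peak >= distinct_uri_threshold:
            reasons.append(f"{peak} distinct URIs within {window}s")
        not_found = sum(1 for r in recs if r.status == 404)
        if len(recs) >= min_requests and not_found / len(recs) >= error_ratio:
            reasons.append(f"{not_found}/{len(recs)} responses were 404")
        if reasons:
            alerts.append((src, reasons))
    return alerts


# Constructed sample log: one operator session, one quiet scanner with a browser
# user agent, and one noisy scanner that announces itself in the user agent.
_BASE = datetime(2025, 12, 1, 8, 0, 0, tzinfo=timezone.utc)
_BROWSER = "Mozilla/5.0 (Windows NT 10.0)"


def _line(src, seconds, path, status, ua):
    ts = (_BASE + timedelta(seconds=seconds)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{src} - - [{ts}] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'


def sample_log():
    lines = [_line("10.10.1.5", 30 * i, p, 200, _BROWSER)
             for i, p in enumerate(["/hmi/login", "/hmi/overview", "/hmi/alarms", "/hmi/trend"])]
    # 30 distinct paths in 30 seconds, mostly 404s, ordinary browser user agent.
    lines += [_line("10.10.9.77", i, f"/hmi/probe-{i}", 404 if i < 24 else 200, _BROWSER)
              for i in range(30)]
    # Only three requests, but the user agent gives it away.
    lines += [_line("203.0.113.9", 5 * i, p, 200, "ExampleScanner/1.0 (constructed)")
              for i, p in enumerate(["/", "/robots.txt", "/version"])]
    return lines


if __name__ == "__main__":
    for src, reasons in detect_recon(sample_log()):
        print(src, "->", "; ".join(reasons))
```

The URI-burst and 404-ratio rules are what catch the scanner that uses a normal browser user agent; a user-agent match alone, which is all the SIEM query above relies on, misses it. Tune `distinct_uri_threshold` to the number of pages a real operator session touches on your HMI, and feed the function the log lines of the FAST/TOOLS web hosts only.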

🔗 References

  • Yokogawa security advisory YSAR-26-0001: https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf