CVE-2025-66602

Medium

Published: 09 February 2026

Modified: 05 March 2026
CVSS Score v4: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0030 (21.6th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2025-66602 is a medium-severity Reliance on IP Address for Authentication (CWE-291) vulnerability in Yokogawa Fast/Tools. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 21.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-41 (Port and I/O Device Access) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2025-66602 is a critical vulnerability in the FAST/TOOLS software provided by Yokogawa Electric Corporation, specifically affecting its web server component that accepts access by IP address. This flaw makes systems discoverable and exploitable by worms or scanners that randomly probe IP addresses across networks. The vulnerability impacts FAST/TOOLS packages including RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB in versions from R9.01 to R10.04. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-291.

The attack scenario involves remote attackers with network access, including automated worms that perform random IP address searches, requiring no privileges, authentication, or user interaction. Successful exploitation can result in high-impact compromise, granting attackers full confidentiality, integrity, and availability control over the affected system.

Yokogawa has published security advisory YSAR-26-0001-E, available at https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf, which provides details on mitigation and patching recommendations for this vulnerability.

Vulnerability details

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes into the network, it could potentially be attacked by the worm. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote access to a public-facing web server component enables direct exploitation over the network (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-66603 (Same product: Yokogawa Fast/Tools)
CVE-2025-66606 (Same product: Yokogawa Fast/Tools)
CVE-2025-66608 (Same product: Yokogawa Fast/Tools)
CVE-2025-66597 (Same product: Yokogawa Fast/Tools)
CVE-2025-66598 (Same product: Yokogawa Fast/Tools)
CVE-2025-1924 (Same vendor: Yokogawa)
CVE-2026-4252 (Shared CWE-291)
CVE-2025-34202 (Shared CWE-291)

Affected Assets

yokogawa
fast/tools
r9.01 — r10.04

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Directly remediates the specific flaw in the FAST/TOOLS web server vulnerable to exploitation by IP-scanning worms, as detailed in Yokogawa advisory YSAR-26-0001-E.

prevent

Establishes boundary protections such as firewalls to block unauthorized inbound connections from random IP-probing worms to the exposed web server.

prevent

Restricts the ports, protocols, and services used by the vulnerable FAST/TOOLS web server components (e.g., RVSVRN, HMIWEB), preventing worms from accessing exploitable endpoints.
