CVE-2025-66602
Published: 09 February 2026
Summary
CVE-2025-66602 is a critical-severity Reliance on IP Address for Authentication (CWE-291) vulnerability in Yokogawa FAST/TOOLS. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 20.2 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-41 (Port and I/O Device Access) and SC-7 (Boundary Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly remediates the specific flaw in the FAST/TOOLS web server vulnerable to exploitation by IP-scanning worms, as detailed in Yokogawa advisory YSAR-26-0001-E.
Establishes boundary protections such as firewalls to block unauthorized inbound connections from random IP-probing worms to the exposed web server.
Restricts the ports, protocols, and services used by the vulnerable FAST/TOOLS web server components (e.g., RVSVRN, HMIWEB), preventing worms from accessing exploitable endpoints.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote access to public-facing web server component enables direct exploitation over the network (T1190).
NVD Description
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes into the network, it could potentially be attacked by the worm. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
Deeper analysis
CVE-2025-66602 is a critical vulnerability in the FAST/TOOLS software provided by Yokogawa Electric Corporation, specifically affecting its web server component that accepts access by IP address. This flaw makes systems discoverable and exploitable by worms or scanners that randomly probe IP addresses across networks. The vulnerability impacts FAST/TOOLS packages including RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB in versions from R9.01 to R10.04. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-291.
The attack scenario involves remote attackers with network access, including automated worms that perform random IP address searches, and requires no privileges, authentication, or user interaction. Successful exploitation can result in full compromise of the confidentiality, integrity, and availability of the affected system.
Yokogawa has published security advisory YSAR-26-0001-E, available at https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf, which provides details on mitigation and patching recommendations for this vulnerability.
Details
- CWE(s)