PatchSiren

CVE-2025-66602 Yokogawa CVE debrief

CVE-2025-66602 is a Yokogawa FAST/TOOLS issue published by CISA on 2026-02-10. CISA’s advisory says the web server accepts access by IP address, and that a worm which randomly searches for IP addresses could potentially attack the system. The advisory rates the issue CVSS 5.3 (MEDIUM) with a network attack vector and low confidentiality impact.

Vendor: Yokogawa
Product: FAST/TOOLS
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-10
Original CVE updated: 2026-02-10
Advisory published: 2026-02-10
Advisory updated: 2026-02-10

Who should care

Organizations running Yokogawa FAST/TOOLS should care, especially OT/ICS teams responsible for server exposure, patching, segmentation, and perimeter controls. The risk is most relevant where the web server is reachable from untrusted or broadly accessible network zones.

Technical summary

The advisory describes a web server exposure condition in Yokogawa FAST/TOOLS. CISA provides CVSS v3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating a network-reachable issue that requires no privileges or user interaction and is scored for low confidentiality impact. The published remediation is to update to revision R10.04, apply patch software CS_e12787, and then apply R10.04 SP3.

Defensive priority

Medium. Patch promptly if FAST/TOOLS is deployed, and reduce exposure of the web server while updates are being planned or rolled out.

Recommended defensive actions

  • Update Yokogawa FAST/TOOLS to revision R10.04.
  • Apply patch software CS_e12787.
  • After applying the patch, apply R10.04 SP3.
  • Restrict access to the FAST/TOOLS web server using network segmentation and firewall rules.
  • Review OT/ICS hardening, whitelisting, and antivirus coverage as part of a broader security program.
  • Validate backup and recovery readiness before making changes.
  • Contact Yokogawa via the advisory’s support channel if you need help confirming remediation steps.
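
To see whether the web server is actually being reached by bare IP address, the Host header recorded by a reverse proxy or firewall in front of it can be audited. The following is an added example, not code from the advisory or from Yokogawa; the log format, the hostname hmi.plant.example and all addresses are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed log format (constructed for this example, not a FAST/TOOLS format):
#   <client_ip> host="<Host header>" "<request line>" <status>
LINE_RE = re.compile(r'^(?P<client>\S+) host="(?P<host>[^"]*)" "(?P<req>[^"]*)" (?P<status>\d{3})$')
EXPECTED_HOSTS = {"hmi.plant.example"}  # hypothetical DNS name operators use

# Constructed sample lines (documentation address ranges only).
SAMPLE_LOG = """\
10.20.0.15 host="hmi.plant.example" "GET / HTTP/1.1" 200
198.51.100.7 host="192.0.2.10" "GET / HTTP/1.1" 200
198.51.100.7 host="192.0.2.10:8080" "GET /login HTTP/1.1" 200
203.0.113.44 host="[2001:db8::10]:443" "GET / HTTP/1.1" 200
10.20.0.15 host="HMI.plant.example:443" "GET /status HTTP/1.1" 200
203.0.113.9 host="" "GET / HTTP/1.0" 400
not a log line
"""

def host_kind(host_header):
    """Classify a Host header as 'expected', 'ip-literal', 'missing' or 'other'."""
    host = host_header.strip().lower()
    if not host:
        return "missing"
    if host.startswith("["):            # bracketed IPv6, optional :port
        name = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:          # name:port or IPv4:port
        name = host.rsplit(":", 1)[0]
    else:                               # bare name, IPv4, or unbracketed IPv6
        name = host
    try:
        ipaddress.ip_address(name)
        return "ip-literal"
    except ValueError:
        return "expected" if name in EXPECTED_HOSTS else "other"

def audit(log_text):
    """Return (counts by kind, clients whose IP-literal request got a 2xx/3xx)."""
    counts, by_ip_clients = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            counts["unparsed"] += 1
            continue
        kind = host_kind(m["host"])
        counts[kind] += 1
        if kind == "ip-literal" and m["status"][0] in "23":
            by_ip_clients.add(m["client"])
    return counts, by_ip_clients
```

Clients returned by `audit` are those whose request addressed the server by IP and was accepted; after segmentation and firewall rules are in place, that set should be empty for untrusted zones.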

Evidence notes

All claims are drawn from the CISA CSAF advisory for ICSA-26-041-01 / CVE-2025-66602 and its listed remediations and references. The source states the web server accepts access by IP address and warns about worm activity that randomly searches for IP addresses. The CVSS vector provided in the advisory is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Official resources

CISA published ICSA-26-041-01 on 2026-02-10 and identified it as the initial republication of YSAR-26-0001-E. The advisory maps to CVE-2025-66602 and is the authoritative timing source used here.