PatchSiren cyber security CVE debrief
CVE-2025-66603 Yokogawa CVE debrief
CVE-2025-66603 is a low-severity issue in Yokogawa FAST/TOOLS where the web server accepts the HTTP OPTIONS method. The advisory says this information could potentially be used to carry out other attacks, so the main concern is reconnaissance and chaining rather than direct impact. Yokogawa’s remediation is to update to R10.04, apply patch software CS_e12787, and then apply R10.04 SP3.
- Vendor: Yokogawa
- Product: FAST/TOOLS
- CVSS: LOW 3.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-10
- Original CVE updated: 2026-02-10
- Advisory published: 2026-02-10
- Advisory updated: 2026-02-10
Who should care
Operators and administrators of Yokogawa FAST/TOOLS deployments, especially OT/ICS teams that expose the product’s web server internally or externally. Security teams responsible for segmentation, patching, and routine hardening in industrial environments should also review it.
Technical summary
CISA’s CSAF advisory for ICSA-26-041-01 describes a FAST/TOOLS web server that accepts OPTIONS requests. The supplied CVSS 3.1 vector is AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, which aligns with limited confidentiality impact, no integrity or availability impact, and a requirement for user interaction. The issue is best understood as a low-impact information disclosure / capability-enumeration weakness that may help an attacker prepare or chain follow-on activity. The published remediation sequence is to update to R10.04, apply patch software CS_e12787, and then apply R10.04 SP3.
Defensive priority
Low overall, but worth addressing in the next planned maintenance window if FAST/TOOLS is in use, reachable on a network, or part of a sensitive OT environment.
Recommended defensive actions
- Update Yokogawa FAST/TOOLS to revision R10.04.
- Apply patch software CS_e12787, then apply R10.04 SP3 as directed by the advisory.
- Review how the FAST/TOOLS web server is exposed and restrict access using segmentation and firewall controls where appropriate.
- Follow Yokogawa and CISA ICS defense-in-depth guidance, including hardening, whitelisting, backup/recovery, and routine security program maintenance.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory metadata and remediation text for ICSA-26-041-01. The source description states that the web server accepts the OPTIONS method and that an attacker could potentially use that information to carry out other attacks. The advisory metadata includes the CVSS 3.1 vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N and a revision history noting an initial republication of YSAR-26-0001-E on 2026-02-10. No KEV entry was provided in the source corpus.
Official resources
- CVE-2025-66603 CVE record (CVE.org)
- CVE-2025-66603 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed by CISA in ICSA-26-041-01 on 2026-02-10. The supplied metadata shows the advisory was published and modified on the same date, with revision history indicating an initial republication of YSAR-26-0001-E.