PatchSiren cyber security CVE debrief

CVE-2025-66605 Yokogawa CVE debrief

CVE-2025-66605 is a low-severity disclosure issue in Yokogawa FAST/TOOLS published by CISA as ICSA-26-041-01 on 2026-02-10. The advisory states that input fields on a web page have the autocomplete attribute enabled, which can cause entered content to be saved in the browser being used. The supplied CVSS vector reflects a network-reachable issue that requires user interaction and has limited confidentiality impact.

Vendor: Yokogawa
Product: FAST/TOOLS
CVSS: LOW 3.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-10
Original CVE updated: 2026-02-10
Advisory published: 2026-02-10
Advisory updated: 2026-02-10

Who should care

Operators and administrators of Yokogawa FAST/TOOLS, especially teams managing web forms that may collect sensitive user input, should review the advisory and apply the vendor remediation. Security teams responsible for industrial control system patching and browser/data-handling policy should also care.

Technical summary

The source corpus describes a web application input-handling issue rather than code execution or service disruption. With autocomplete enabled on form fields, data entered by a user may be retained by the browser. The advisory rates the issue at a CVSS v3.1 base score of 3.1 (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating remote reachability, required user interaction, and limited confidentiality impact only. The vendor mitigation is to update to revision R10.04, apply patch software CS_e12787, and then apply R10.04 SP3.

Defensive priority

Low overall, but worth scheduling with normal patching because the exposure affects user-entered data and a vendor fix is available. Prioritize systems where web forms may receive sensitive information.

Recommended defensive actions

  • Update Yokogawa FAST/TOOLS to revision R10.04.
  • Apply patch software CS_e12787.
  • After the patch is applied, apply R10.04 SP3.
  • Review web forms that collect sensitive data and disable autocomplete where appropriate.
  • Align deployment hardening with CISA ICS recommended practices, including patching, zoning, hardening, whitelisting, backups, and firewalling.
  • If you need vendor guidance, use the Yokogawa contact path provided in the advisory.

Evidence notes

The advisory text in the supplied CSAF source states: "Since there are input fields on this web page with the autocomplete attribute enabled, the input content could be saved in the browser the user is using." The source metadata lists no exploitation campaign, no KEV entry, and no ransomware association. The published and modified dates are both 2026-02-10, matching the CISA CSAF publication date for ICSA-26-041-01. The remediation section explicitly recommends R10.04, patch CS_e12787, and then R10.04 SP3.

Official resources

Publicly disclosed in CISA’s CSAF advisory ICSA-26-041-01 on 2026-02-10. The source corpus shows no KEV listing and no ransomware campaign linkage.