PatchSiren cyber security CVE debrief
CVE-2025-66606 Yokogawa CVE debrief
CVE-2025-66606 affects Yokogawa FAST/TOOLS and is described by CISA as a URL encoding problem. The advisory says an attacker could tamper with web pages or execute malicious scripts. The published CVSS vector indicates network access, high attack complexity, no privileges required, and user interaction required, with low confidentiality impact and no availability impact. Yokogawa’s recommended fix is to update to revision R10.04, apply patch software CS_e12787, and then apply R10.04 SP3.
- Vendor: Yokogawa
- Product: FAST/TOOLS
- CVSS: LOW 3.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-10
- Original CVE updated: 2026-02-10
- Advisory published: 2026-02-10
- Advisory updated: 2026-02-10
Who should care
OT/ICS operators, Yokogawa FAST/TOOLS administrators, web application owners using the product, and security teams responsible for industrial control environments and perimeter web exposure.
Technical summary
The source advisory states that FAST/TOOLS does not properly encode URLs. In practical terms, that weakness can allow web page tampering or malicious script execution when a user interacts with affected content. The supplied CVSS 3.1 vector is AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N, which aligns with a user-interaction-dependent web weakness with limited confidentiality impact and no direct availability impact. The remediation listed by the vendor is to move to R10.04, apply CS_e12787, and then apply R10.04 SP3.
Defensive priority
Low severity, but still worth scheduling in the normal patch cycle for any exposed FAST/TOOLS deployment. Prioritize faster remediation if the web interface is reachable by users or if the environment has strict requirements around integrity of operator-facing pages.
Recommended defensive actions
- Update Yokogawa FAST/TOOLS to revision R10.04, apply patch software CS_e12787, and then apply R10.04 SP3 as directed in the advisory.
- Validate the update path in a maintenance window and confirm the patched version is deployed across all affected instances.
- Review access to any FAST/TOOLS web interfaces and reduce exposure to only necessary users and networks.
- Apply defense-in-depth controls already recommended by Yokogawa and CISA, including patch management, hardening, whitelisting, firewalls, zoning, backup and recovery, and antivirus where appropriate.
- Use the official Yokogawa contact path in the advisory for product-specific questions or confirmation of remediation steps.
Evidence notes
All substantive claims are drawn from the supplied CISA CSAF source item for ICSA-26-041-01 and its associated references. The advisory text explicitly says the product does not properly encode URLs and that an attacker could tamper with web pages or execute malicious scripts. The remediation section explicitly recommends updating to R10.04, applying CS_e12787, and then applying R10.04 SP3. The supplied CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N. No affected version range was provided in the corpus, so this debrief avoids version-specific claims beyond the stated remediation.
Official resources
- CVE-2025-66606 CVE record (CVE.org)
- CVE-2025-66606 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA published the advisory ICSA-26-041-01 on 2026-02-10, with the source item showing the same publication and modification timestamps. This debrief uses the CVE publication date supplied in the corpus and does not infer any earlier issue-