{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-66600", "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9", "state": "PUBLISHED", "assignerShortName": "YokogawaGroup", "dateReserved": "2025-12-05T05:04:18.583Z", "datePublished": "2026-02-09T03:24:33.044Z", "dateUpdated": "2026-02-09T19:06:08.322Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "FAST/TOOLS", "vendor": "Yokogawa Electric Corporation", "versions": [{"lessThanOrEqual": "R10.04", "status": "affected", "version": "R9.01", "versionType": "custom"}]}], "datePublic": "2026-02-09T03:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.</p>\n\n<p>This product lacks\nHSTS (HTTP Strict Transport Security) configuration. When an attacker performs\na Man in the middle (MITM) attack, communications with the web server could be\nsniffed.</p>\n\n<p>The\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04</p>"}], "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product lacks\nHSTS (HTTP Strict Transport Security) configuration. When an attacker performs\na Man in the middle (MITM) attack, communications with the web server could be\nsniffed.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-358", "description": "CWE-358", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7168b535-132a-4efe-a076-338f829b2eb9", "shortName": "YokogawaGroup", "dateUpdated": "2026-02-09T03:24:33.044Z"}, "references": [{"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T19:04:10.750639Z", "id": "CVE-2025-66600", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T19:06:08.322Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-66600", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-09T19:04:10.750639Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T19:04:11.394Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Yokogawa Electric Corporation", "product": "FAST/TOOLS", "versions": [{"status": "affected", "version": "R9.01", "versionType": "custom", "lessThanOrEqual": "R10.04"}], "defaultStatus": "unknown"}], "datePublic": "2026-02-09T03:00:00.000Z", "references": [{"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product lacks\nHSTS (HTTP Strict Transport Security) configuration. When an attacker performs\na Man in the middle (MITM) attack, communications with the web server could be\nsniffed.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04", "supportingMedia": [{"type": "text/html", "value": "<p>A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.</p>\n\n<p>This product lacks\nHSTS (HTTP Strict Transport Security) configuration. When an attacker performs\na Man in the middle (MITM) attack, communications with the web server could be\nsniffed.</p>\n\n<p>The\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-358", "description": "CWE-358"}]}], "providerMetadata": {"orgId": "7168b535-132a-4efe-a076-338f829b2eb9", "shortName": "YokogawaGroup", "dateUpdated": "2026-02-09T03:24:33.044Z"}}}, "cveMetadata": {"cveId": "CVE-2025-66600", "state": "PUBLISHED", "dateUpdated": "2026-02-09T19:06:08.322Z", "dateReserved": "2025-12-05T05:04:18.583Z", "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9", "datePublished": "2026-02-09T03:24:33.044Z", "assignerShortName": "YokogawaGroup"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product lacks\nHSTS (HTTP Strict Transport Security) configuration. When an attacker performs\na Man in the middle (MITM) attack, communications with the web server could be\nsniffed.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en FAST/TOOLS proporcionado por Yokogawa Electric Corporation.\n\nEste producto carece de configuraci\u00f3n HSTS (HTTP Strict Transport Security). Cuando un atacante realiza un ataque de Man in the middle (MitM), las comunicaciones con el servidor web podr\u00edan ser interceptadas.\n\nLos productos y versiones afectados son los siguientes: FAST/TOOLS (Paquetes: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 a R10.04"}], "id": "CVE-2025-66600", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "7168b535-132a-4efe-a076-338f829b2eb9", "type": "Secondary"}]}, "published": "2026-02-09T04:15:49.170", "references": [{"source": "7168b535-132a-4efe-a076-338f829b2eb9", "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"}], "sourceIdentifier": "7168b535-132a-4efe-a076-338f829b2eb9", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-358"}], "source": "7168b535-132a-4efe-a076-338f829b2eb9", "type": "Secondary"}]}

{}

{"created": "2026-02-09T10:39:12.069651+00:00", "updated": "2026-02-09T10:39:12.069678+00:00", "vendors": ["yokogawa", "yokogawa$PRODUCT$fast/tools"]}