Yokogawa FAST/TOOLS XML External Entity
Low RiskICS-CERT ICSA-14-343-01Sep 11, 2014
Summary
Yokogawa FAST/TOOLS versions R9.01 through R9.05_SP1 contain an XML External Entity (XXE) vulnerability (CWE-611). The application improperly parses XML files without disabling external entity processing. An attacker can craft a malicious XML file containing external entity declarations to read arbitrary files from the system or exhaust system resources, causing denial of service.
What this means
What could happen
An attacker could send a malicious XML file to the FAST/TOOLS application, potentially reading sensitive files from the workstation or causing a denial of service by consuming system resources.
Who's at risk
Yokogawa FAST/TOOLS users managing manufacturing, water treatment, or power systems who handle process configuration files. Engineering staff and operators who import or open XML-based configuration or recipe files are at risk.
How it could be exploited
An attacker crafts an XML file with an external entity declaration and submits it to FAST/TOOLS. When the application parses the XML without proper validation, it processes the external entity reference, allowing the attacker to read local files from the system or trigger denial of service through billion laughs attacks.
Prerequisites
- User interaction: an operator or engineer must open a malicious XML file in FAST/TOOLS
- Local or network access to the FAST/TOOLS workstation to deliver the XML file
no patch availablerequires user interactioncan lead to information disclosurepotential denial of service
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
FAST/TOOLS: R9.01_though_R9.05_SP1R9.01 though R9.05 SP1No fix (EOL)
Remediation & Mitigation
0/3
Do now
0/2WORKAROUNDRestrict file uploads and XML imports in FAST/TOOLS to trusted sources only; implement file type validation on the workstation
HARDENINGApply input validation and disable external entity processing in any XML parsers used by FAST/TOOLS if configuration options are available
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HARDENINGIsolate FAST/TOOLS engineering workstations on a protected network segment with restricted access from untrusted sources
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/de7a4e88-6105-4c13-ae1b-4b038f815e93