Yokogawa FAST/TOOLS
Plan Patch | CVSS 8.2 | ICS-CERT ICSA-26-041-01 | Feb 10, 2026
Yokogawa | Energy | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Yokogawa FAST/TOOLS versions R9.01 through R10.04 contain multiple security vulnerabilities that could allow attackers to redirect users to malicious sites, decrypt communications, perform man-in-the-middle attacks, execute malicious scripts, steal files, and perform other attacks. The vulnerabilities involve information disclosure, lack of CSRF protection, weak cryptographic practices, and improper validation of user input.
What this means
What could happen
An attacker could intercept communications with FAST/TOOLS, redirect operators to fake login pages to steal credentials, or execute scripts that modify configuration or process parameters, compromising system integrity and control authority.
Who's at risk
This affects engineering teams and operators at manufacturing plants and energy facilities (refineries, power plants, water treatment) that use Yokogawa FAST/TOOLS for process monitoring and control configuration. Any operator workstation running affected versions is at risk of credential theft or manipulation.
How it could be exploited
An attacker with network access to FAST/TOOLS could perform a man-in-the-middle attack by intercepting unencrypted communications or exploiting weak cryptography, then use information disclosure vulnerabilities to gather sensitive data or redirect users to malicious sites. Cross-site request forgery (CSRF) weaknesses could allow execution of unauthorized commands if an operator visits a compromised site while logged into FAST/TOOLS.
Prerequisites
- Network access to FAST/TOOLS
- Ability to intercept network traffic (for MITM attacks) or deceive users into clicking malicious links
- No authentication required for some information disclosure vectors
Tags: remotely exploitable; no authentication required for some vectors; low complexity; affects critical manufacturing and energy control systems; high CVSS score (8.2)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product: FAST/TOOLS
Affected Versions: ≥ R9.01, ≤ R10.04
Fix Status: R10.04 SP3 (with patch CS_e12787)
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to FAST/TOOLS workstations from untrusted networks and the Internet; place systems behind firewalls or on isolated engineering networks only
- WORKAROUND: For remote access to FAST/TOOLS, use a VPN with current security patches instead of direct exposure; keep VPN firmware and software updated
- HARDENING: Train operators not to click links or download attachments from unsolicited emails, especially those claiming to be from FAST/TOOLS or engineering teams
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update FAST/TOOLS to revision R10.04, apply patch software CS_e12787, then update to R10.04 SP3
Long-term hardening
- HARDENING: Segment the engineering network running FAST/TOOLS from the business network to prevent lateral movement if the business network is compromised
CVEs (14)