Yokogawa FAST/TOOLS

Plan Patch8.2ICS-CERT ICSA-26-041-01Feb 10, 2026

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in Yokogawa FAST/TOOLS versions R9.01 through R10.04 allow attackers to redirect users to malicious sites, decrypt communications, perform man-in-the-middle attacks, execute malicious scripts, steal files, and conduct other attacks. Issues include weak cryptographic implementations (CWE-327), information exposure (CWE-209, CWE-497, CWE-359), missing CSRF protections (CWE-352), and insufficient input validation. FAST/TOOLS is used for supervisory control, process engineering, and monitoring in manufacturing and energy sectors.

What this means

What could happen

An attacker could intercept and decrypt communications between FAST/TOOLS instances, redirect users to malicious sites to steal credentials or inject malware, or execute arbitrary scripts on systems running the affected software.

Who's at risk

Manufacturing and energy sector organizations running Yokogawa FAST/TOOLS software versions R9.01 through R10.04 for process automation, engineering, or supervisory control. This includes chemical plants, refineries, power generation facilities, and other facilities using FAST/TOOLS for process design, configuration, or monitoring.

How it could be exploited

An attacker with network access to FAST/TOOLS communication channels could perform a man-in-the-middle attack due to weak cryptography and insufficient input validation, allowing interception of plaintext or easily decrypted sensitive data, redirection of users to phishing sites, or injection of malicious scripts into the application interface.

Prerequisites

Network access to FAST/TOOLS instances (port and protocol unspecified in advisory)
No authentication required to perform MITM attack
Attacker positioned on network path between FAST/TOOLS clients and servers, or able to compromise DNS/network routing

Remotely exploitable over networkNo authentication required for MITM attacksLow attack complexityWeak cryptography (CWE-327)Insufficient input validation (CWE-20)Information disclosure vulnerabilitiesAffects engineering and control software

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

FAST/TOOLS: >=R9.01|<=R10.04≥ R9.01|≤ R10.04R10.04 SP3 (with patch CS_e12787)

Remediation & Mitigation

0/7

Do now

0/1

WORKAROUNDImplement firewall rules to block FAST/TOOLS network traffic from the Internet and restrict access from business networks

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Yokogawa FAST/TOOLS to revision R10.04

HOTFIXApply Yokogawa patch software CS_e12787 after updating to R10.04

HOTFIXApply R10.04 Service Pack 3 after patch CS_e12787 is installed

Long-term hardening

0/3

HARDENINGSegment FAST/TOOLS systems and control networks behind firewalls, isolated from business networks

HARDENINGDeploy intrusion detection and monitoring to detect suspicious FAST/TOOLS traffic or unauthorized access attempts

HARDENINGIf remote access to FAST/TOOLS is required, use a VPN with current security patches and strong authentication

CVEs (14)

CVE-2025-66594 CVE-2025-66595 CVE-2025-66597 CVE-2025-66598 CVE-2025-66599 CVE-2025-66600 CVE-2025-66601 CVE-2025-66602 CVE-2025-66603 CVE-2025-66604 CVE-2025-66605 CVE-2025-66606 CVE-2025-66607 CVE-2025-66608

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/751f7a9c-ef0c-468f-8223-bb0c5584032c