CVE-2025-66597

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:yokogawa:fast\/tools:*:*:*:*:*:*:*:*

History

06 Mar 2026, 20:29

Type	Values Removed	Values Added
CPE		cpe:2.3:a:yokogawa:fast\/tools::::::::
References	~~() https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf -~~	() https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf - Vendor Advisory
Summary		(es) Se ha encontrado una vulnerabilidad en FAST/TOOLS proporcionado por Yokogawa Electric Corporation. Este producto soporta algoritmos criptográficos débiles, lo que podría permitir a un atacante descifrar las comunicaciones con el servidor web. Los productos y versiones afectados son los siguientes: FAST/TOOLS (Paquetes: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 a R10.04
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Yokogawa fast\/tools Yokogawa

09 Feb 2026, 05:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-09 05:16

Updated : 2026-03-06 20:29

NVD link : CVE-2025-66597

Mitre link : CVE-2025-66597

CVE.ORG link : CVE-2025-66597

JSON object : View

Products Affected

yokogawa

fast\/tools

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

{"id": "CVE-2025-66597", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "7168b535-132a-4efe-a076-338f829b2eb9", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-09T05:16:24.070", "references": [{"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf", "tags": ["Vendor Advisory"], "source": "7168b535-132a-4efe-a076-338f829b2eb9"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "7168b535-132a-4efe-a076-338f829b2eb9", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product supports\nweak cryptographic algorithms, potentially allowing an attacker to decrypt\ncommunications with the web server.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en FAST/TOOLS proporcionado por Yokogawa Electric Corporation.\n\nEste producto soporta algoritmos criptogr\u00e1ficos d\u00e9biles, lo que podr\u00eda permitir a un atacante descifrar las comunicaciones con el servidor web.\n\nLos productos y versiones afectados son los siguientes: FAST/TOOLS (Paquetes: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 a R10.04"}], "lastModified": "2026-03-06T20:29:06.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yokogawa:fast\\/tools:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09CB375F-6336-400F-941D-1EFF531E6D59", "versionEndIncluding": "r10.04", "versionStartIncluding": "r9.01"}], "operator": "OR"}]}], "sourceIdentifier": "7168b535-132a-4efe-a076-338f829b2eb9"}