CVE-2025-66605

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:yokogawa:fast\/tools:*:*:*:*:*:*:*:*

History

05 Mar 2026, 12:47

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
References	~~() https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf -~~	() https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf - Vendor Advisory
First Time		Yokogawa fast\/tools Yokogawa
CPE		cpe:2.3:a:yokogawa:fast\/tools::::::::
Summary		(es) Se ha encontrado una vulnerabilidad en FAST/TOOLS proporcionado por Yokogawa Electric Corporation. Dado que hay campos de entrada en esta página web con el atributo de autocompletar habilitado, el contenido de entrada podría guardarse en el navegador que el usuario está utilizando. Los productos y versiones afectados son los siguientes: FAST/TOOLS (Paquetes: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 a R10.04

09 Feb 2026, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-09 04:15

Updated : 2026-03-05 12:47

NVD link : CVE-2025-66605

Mitre link : CVE-2025-66605

CVE.ORG link : CVE-2025-66605

JSON object : View

Products Affected

yokogawa

fast\/tools

CWE

CWE-359

Exposure of Private Personal Information to an Unauthorized Actor

{"id": "CVE-2025-66605", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "7168b535-132a-4efe-a076-338f829b2eb9", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-09T04:15:49.807", "references": [{"url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf", "tags": ["Vendor Advisory"], "source": "7168b535-132a-4efe-a076-338f829b2eb9"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "7168b535-132a-4efe-a076-338f829b2eb9", "description": [{"lang": "en", "value": "CWE-359"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nSince there are input\nfields on this webpage with the autocomplete attribute enabled, the input\ncontent could be saved in the browser the user is using.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en FAST/TOOLS proporcionado por Yokogawa Electric Corporation.\n\nDado que hay campos de entrada en esta p\u00e1gina web con el atributo de autocompletar habilitado, el contenido de entrada podr\u00eda guardarse en el navegador que el usuario est\u00e1 utilizando.\n\nLos productos y versiones afectados son los siguientes: FAST/TOOLS (Paquetes: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 a R10.04"}], "lastModified": "2026-03-05T12:47:52.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yokogawa:fast\\/tools:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09CB375F-6336-400F-941D-1EFF531E6D59", "versionEndIncluding": "r10.04", "versionStartIncluding": "r9.01"}], "operator": "OR"}]}], "sourceIdentifier": "7168b535-132a-4efe-a076-338f829b2eb9"}