Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-66594

CVE-2025-66594: Yokogawa FAST/TOOLS Info Disclosure Bug

CVE-2025-66594 is an information disclosure vulnerability in Yokogawa Electric's FAST/TOOLS that exposes detailed error messages to attackers. This article covers technical details, affected versions, and mitigations.

Published:

CVE-2025-66594 Overview

A vulnerability has been identified in Yokogawa Electric Corporation's FAST/TOOLS industrial automation software. The vulnerability involves detailed error messages being displayed on error pages, which could expose sensitive information to attackers. This information disclosure weakness (CWE-209: Generation of Error Message Containing Sensitive Information) could be leveraged by malicious actors to gather intelligence for subsequent attacks against the affected systems.

Critical Impact

Attackers can extract sensitive system information from detailed error messages, potentially enabling reconnaissance for more sophisticated attacks against industrial control systems.

Affected Products

  • FAST/TOOLS Package RVSVRN (Versions R9.01 to R10.04)
  • FAST/TOOLS Package UNSVRN (Versions R9.01 to R10.04)
  • FAST/TOOLS Package HMIWEB (Versions R9.01 to R10.04)
  • FAST/TOOLS Package FTEES (Versions R9.01 to R10.04)
  • FAST/TOOLS Package HMIMOB (Versions R9.01 to R10.04)

Discovery Timeline

  • 2026-02-09 - CVE-2025-66594 published to NVD
  • 2026-02-09 - Last updated in NVD database

Technical Details for CVE-2025-66594

Vulnerability Analysis

This vulnerability represents an information disclosure flaw in Yokogawa FAST/TOOLS, an industrial automation software suite used in SCADA and process control environments. The core issue lies in the application's error handling mechanism, which generates overly verbose error messages containing sensitive system information when errors occur.

In industrial control system (ICS) environments, such information leakage is particularly concerning as it can reveal details about the underlying infrastructure, software versions, file paths, database structures, or internal network configurations. This reconnaissance data can significantly lower the barrier for attackers planning targeted attacks against critical infrastructure.

Root Cause

The root cause is improper error handling that fails to sanitize or suppress sensitive details before presenting error messages to users. Instead of displaying generic error messages, the application exposes detailed diagnostic information that should only be available to system administrators or logged internally. This violates the security principle of providing minimal information disclosure to external users.

Attack Vector

The vulnerability is exploitable over the network without requiring authentication or user interaction. An attacker can trigger error conditions by sending malformed requests or accessing invalid resources within the FAST/TOOLS web interface. The resulting error pages may reveal:

  • Internal file paths and directory structures
  • Software version information and configuration details
  • Database connection strings or query information
  • Stack traces exposing code logic and function names
  • Server environment variables and system properties

This information can be systematically collected and used to identify additional vulnerabilities, craft targeted exploits, or map the internal architecture of the industrial control system environment.

Detection Methods for CVE-2025-66594

Indicators of Compromise

  • Unusual patterns of HTTP requests designed to trigger error conditions (404s, 500s, malformed parameters)
  • Repeated access to non-existent pages or resources from single IP addresses
  • Automated scanning activity targeting FAST/TOOLS web interfaces
  • Log entries showing systematic probing of error-generating endpoints

Detection Strategies

  • Monitor web server logs for patterns indicating deliberate error generation attempts
  • Implement web application firewall (WAF) rules to detect reconnaissance scanning patterns
  • Configure network intrusion detection systems (IDS) to alert on suspicious traffic to FAST/TOOLS ports
  • Review access logs for unusual request patterns from external or unauthorized IP addresses

Monitoring Recommendations

  • Enable verbose logging on FAST/TOOLS web components to capture client request details
  • Implement centralized log collection and analysis for correlation of suspicious activities
  • Set up alerting thresholds for abnormal error rates that may indicate active reconnaissance
  • Conduct periodic reviews of error logs to identify potential information exposure incidents

How to Mitigate CVE-2025-66594

Immediate Actions Required

  • Review and apply patches or updates from Yokogawa as detailed in Yokogawa Security Advisory YSAR-26-0001-E
  • Restrict network access to FAST/TOOLS web interfaces to authorized personnel only
  • Implement network segmentation to isolate ICS components from general network access
  • Configure web server error handling to suppress detailed error messages in production environments

Patch Information

Yokogawa Electric Corporation has released security guidance for this vulnerability. Administrators should consult the Yokogawa Security Advisory YSAR-26-0001-E for detailed patch information and remediation instructions specific to their deployed FAST/TOOLS packages and versions.

Workarounds

  • Configure custom error pages that display generic messages without system details
  • Place FAST/TOOLS web interfaces behind a reverse proxy that can filter error responses
  • Implement IP-based access controls to limit who can access the web interfaces
  • Enable authentication requirements for all FAST/TOOLS web components to reduce anonymous access
bash
# Example: Configure reverse proxy to suppress detailed error pages
# Add to nginx configuration for FAST/TOOLS proxy
proxy_intercept_errors on;
error_page 400 401 403 404 500 502 503 504 /custom_error.html;

location = /custom_error.html {
    root /usr/share/nginx/html;
    internal;
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.