CVE-2025-66605 Overview
A vulnerability has been identified in FAST/TOOLS, a process control and industrial automation software suite provided by Yokogawa Electric Corporation. The vulnerability stems from input fields on web pages that have the autocomplete attribute enabled, which could allow sensitive input content to be saved in the user's browser. This exposure of private information (CWE-359) could potentially allow unauthorized access to cached credentials or sensitive data stored in browser autocomplete history.
Critical Impact
Sensitive user input may be cached in browser autocomplete history, potentially exposing credentials or other sensitive information to unauthorized users with access to the same browser instance.
Affected Products
- FAST/TOOLS Package: RVSVRN (R9.01 to R10.04)
- FAST/TOOLS Package: UNSVRN (R9.01 to R10.04)
- FAST/TOOLS Package: HMIWEB (R9.01 to R10.04)
- FAST/TOOLS Package: FTEES (R9.01 to R10.04)
- FAST/TOOLS Package: HMIMOB (R9.01 to R10.04)
Discovery Timeline
- 2026-02-09 - CVE-2025-66605 published to NVD
- 2026-02-09 - Last updated in the NVD database
Technical Details for CVE-2025-66605
Vulnerability Analysis
This vulnerability is classified under CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor). The issue occurs because web input fields within the FAST/TOOLS interface do not properly disable the HTML autocomplete attribute. When users enter sensitive information such as credentials, configuration parameters, or operational data into these fields, the browser may cache this information in its autocomplete history.
In industrial control system (ICS) environments where FAST/TOOLS is deployed, this is particularly concerning because operators may share workstations or use kiosk-style terminals. Although the attack vector is rated as network-based, exploitation requires user interaction: a legitimate user must first enter the sensitive data, and the attacker then needs access to the same browser instance in which it was cached.
Root Cause
The root cause of this vulnerability is the failure to implement proper HTML security attributes on sensitive input fields. Specifically, the autocomplete="off" attribute was not applied to form fields that handle sensitive data such as usernames, passwords, or operational parameters. This is a common oversight in web application development but carries heightened risk in industrial control system environments where shared workstations are common.
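The root cause above is a missing autocomplete="off" on fields that carry sensitive data. The following audit script is an added example (not Yokogawa's code) that scans page HTML for such fields, honouring the HTML rule that a field-level autocomplete attribute overrides the enclosing form's default; the sample markup and the SENSITIVE_HINTS list are constructed for illustration, not taken from FAST/TOOLS.

```python
from html.parser import HTMLParser

# Name/id fragments that suggest a field carries credentials or other sensitive data (constructed list)
SENSITIVE_HINTS = ("user", "pass", "pwd", "token", "secret", "key", "pin", "otp")


class AutocompleteAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.form_default = None   # autocomplete value of the enclosing <form>, if any
        self.findings = []         # (field name, effective autocomplete value)

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self.form_default = a.get("autocomplete")
        elif tag in ("input", "textarea"):
            if a.get("type") in ("hidden", "submit", "button", "checkbox", "radio"):
                return
            name = a.get("name") or a.get("id") or "<unnamed>"
            # A field-level attribute overrides the form-level default; no attribute at all means "on"
            effective = a.get("autocomplete", self.form_default) or "on"
            sensitive = a.get("type") == "password" or any(h in name for h in SENSITIVE_HINTS)
            if sensitive and effective != "off":
                self.findings.append((name, effective))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_default = None


def audit(html):
    """Return the sensitive fields whose effective autocomplete setting is not 'off'."""
    p = AutocompleteAuditor()
    p.feed(html)
    return p.findings


# Constructed sample page: two forms, one without and one with a form-level autocomplete="off"
SAMPLE_HTML = """
<form action="/login">
  <input name="username">                    <!-- inherits default 'on' -> finding -->
  <input type="password" name="password">    <!-- no attribute -> finding -->
  <input type="submit" value="Log in">
</form>
<form action="/setpoint" autocomplete="off">
  <input name="api_token">                   <!-- inherits 'off' from the form -> ok -->
  <input name="pin" autocomplete="on">       <!-- field overrides the form -> finding -->
</form>
"""

if __name__ == "__main__":
    for name, value in audit(SAMPLE_HTML):
        print(f"{name}: autocomplete effectively '{value}'")
```

Note that current Chrome and Firefox ignore autocomplete="off" for login fields handled by their built-in password managers, so the attribute alone does not fully prevent credential caching; the browser policies under Workarounds remain necessary.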
Attack Vector
The attack scenario requires network access and user interaction. An attacker with physical or remote access to a workstation where a legitimate user has previously entered sensitive data could:
- Access the browser's autocomplete suggestions on the FAST/TOOLS web interface
- View previously entered credentials or sensitive operational data
- Use this information to gain unauthorized access to the ICS environment
The vulnerability does not require authentication to exploit once the attacker has access to the browser instance. However, the exploitation complexity is considered high as it requires the attacker to have access to a browser where sensitive data was previously entered.
Detection Methods for CVE-2025-66605
Indicators of Compromise
- Review browser autocomplete data stores for cached FAST/TOOLS credentials or sensitive input
- Monitor for unauthorized access to shared workstations running FAST/TOOLS web interfaces
- Check for unusual login patterns or access from shared terminal sessions
Detection Strategies
- Implement browser policy monitoring to detect autocomplete data retention on ICS workstations
- Deploy endpoint detection to identify access to browser profile data directories
- Monitor authentication logs for credential reuse patterns that may indicate autocomplete data exposure
Monitoring Recommendations
- Enable logging for all authentication attempts to FAST/TOOLS web interfaces
- Implement session monitoring to detect unusual access patterns from shared workstations
- Configure alerts for browser policy violations in ICS environments
How to Mitigate CVE-2025-66605
Immediate Actions Required
- Review and apply the security guidance provided in the Yokogawa Security Advisory YSAR-26-0001
- Implement browser policies to disable autocomplete functionality on workstations accessing FAST/TOOLS
- Clear browser autocomplete data on all workstations that have accessed FAST/TOOLS web interfaces
- Restrict physical access to ICS workstations running FAST/TOOLS
Patch Information
Yokogawa Electric Corporation has released security guidance for this vulnerability. Organizations should consult the Yokogawa Security Advisory YSAR-26-0001 for detailed remediation steps and any available patches. Affected versions include FAST/TOOLS packages RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB from versions R9.01 through R10.04.
Workarounds
- Configure browser policies to disable form autocomplete (e.g., Chrome policies, Firefox enterprise settings)
- Implement private/incognito browsing mode requirements for accessing FAST/TOOLS interfaces
- Deploy dedicated, single-user workstations for FAST/TOOLS access where feasible
- Regularly clear browser data on shared workstations using automated scripts or group policies
# Example: Chrome browser policy to disable autocomplete (Windows, machine-level policy via the registry; run in an elevated PowerShell or deploy the same values through Group Policy)
$chrome = "HKLM:\SOFTWARE\Policies\Google\Chrome"
New-Item -Path $chrome -Force | Out-Null
New-ItemProperty -Path $chrome -Name AutofillAddressEnabled -PropertyType DWord -Value 0 -Force | Out-Null
New-ItemProperty -Path $chrome -Name AutofillCreditCardEnabled -PropertyType DWord -Value 0 -Force | Out-Null
# For Firefox, set in policies.json (distribution\policies.json in the Firefox install directory):
# { "policies": { "DisableFormHistory": true } }
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

