{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-66600","assignerOrgId":"7168b535-132a-4efe-a076-338f829b2eb9","state":"PUBLISHED","assignerShortName":"YokogawaGroup","dateReserved":"2025-12-05T05:04:18.583Z","datePublished":"2026-02-09T03:24:33.044Z","dateUpdated":"2026-02-09T19:06:08.322Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","product":"FAST/TOOLS","vendor":"Yokogawa Electric Corporation","versions":[{"lessThanOrEqual":"R10.04","status":"affected","version":"R9.01","versionType":"custom"}]}],"datePublic":"2026-02-09T03:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.</p>\n\n<p>This product lacks\nHSTS (HTTP Strict Transport Security) configuration. When an attacker performs\na Man in the middle (MITM) attack, communications with the web server could be\nsniffed.</p>\n\n<p>The\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04</p>"}],"value":"A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product lacks\nHSTS (HTTP Strict Transport Security) configuration. When an attacker performs\na Man in the middle (MITM) attack, communications with the web server could be\nsniffed.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.8,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-358","description":"CWE-358","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7168b535-132a-4efe-a076-338f829b2eb9","shortName":"YokogawaGroup","dateUpdated":"2026-02-09T03:24:33.044Z"},"references":[{"url":"https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-09T19:04:10.750639Z","id":"CVE-2025-66600","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-09T19:06:08.322Z"}}]}}