CVE-2025-66606
Awaiting Analysis
Awaiting Analysis - Queue
Cross-Site Scripting in Yokogawa FAST/TOOLS Web Components
Publication date: 2026-02-09
Last updated on: 2026-03-05
Assigner: YokogawaGroup
Description
Description
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not
properly encode URLs. An attacker could tamper with web pages or execute
malicious scripts.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yokogawa | fast/tools | From r9.01 (inc) to r10.04 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-86 | The product does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the FAST/TOOLS product by Yokogawa Electric Corporation. The issue is that the product does not properly encode URLs, which means that an attacker could manipulate web pages or execute malicious scripts by tampering with these URLs.
How can this vulnerability impact me? :
Because the product does not properly encode URLs, an attacker could exploit this to alter web pages or run malicious scripts. This could lead to unauthorized actions or data manipulation within the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70