Yokogawa FAST/TOOLS, Path Traversal, CVE-2025-66608 (High)

Listen to this Post

CVE-2025-66608 is a high-severity vulnerability found in Yokogawa Electric Corporation’s FAST/TOOLS industrial automation software. The core issue is that the product fails to properly validate user-supplied URLs when processing HTTP requests. This flaw, categorized under CWE-29 (Path Traversal: ‘..\filename’), allows an attacker to bypass intended access restrictions. By sending specially crafted HTTP requests containing directory traversal sequences (like ../), an unauthenticated remote attacker can navigate out of the web server’s root directory. This exploitation leads to the unauthorized reading and theft of arbitrary files stored on the underlying file system of the FAST/TOOLS web server. The vulnerability affects multiple software packages (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) across versions R9.01 to R10.04. With a CVSS v4.0 base score of 8.7, its severity is high due to the network attack vector, low attack complexity, and high confidentiality impact, all without requiring any privileges or user interaction. This poses a significant risk to operational technology (OT) environments where sensitive configuration files and process data reside.

dailycve form:

Platform: Yokogawa FAST/TOOLS
Version: R9.01-R10.04
Vulnerability : Path Traversal
Severity: HIGH
date: 2026-02-09

Prediction: Patch expected soon.

What Undercode Say:

Analytics:

To determine if your system is vulnerable, you can perform a non-intrusive test using a tool like `curl` to request a sensitive file using path traversal sequences.
`curl -v “http://:/../../../../windows/win.ini”`
`curl -v “http://:/..\..\..\..\etc/passwd”`
If the server returns the contents of the requested file instead of an error, it is vulnerable. For passive analysis, check web server logs for unusual patterns:

`grep “\.\.\/” /var/log/fasttools/access.log`

`grep “\.\.\\” /var/log/fasttools/access.log`

Exploit:

An attacker exploits this by crafting a GET request with path traversal characters. The vulnerability lies in the server’s failure to sanitize the URL, allowing the request to escape the webroot.

`GET /..\..\..\..\Program%20Files%5CYokogawa%5CFASTTOOLS%5Cconfig%5Cdatabase.ini HTTP/1.1`

`Host: 192.168.1.100`

`Connection: close`

Successful exploitation results in the disclosure of critical system or application files, such as configuration files containing credentials, source code, or operational data.

Protection from this CVE:

Immediately restrict network access to the FAST/TOOLS web interface to trusted IP addresses only via firewall rules. Apply network segmentation to isolate the OT network. If available, deploy a Web Application Firewall (WAF) with rules to block path traversal patterns (e.g., ..\, ../, %2e%2e%2f). Monitor vendor communications (Yokogawa) for official patches and apply them as soon as they are released for the affected versions.

Impact:

Successful exploitation leads to a high confidentiality breach. An attacker can steal sensitive files, including system files (like /etc/passwd) and application-specific data (configuration files, passwords, engineering data). This information leakage can serve as a stepping stone for more severe attacks, potentially leading to full system compromise or disruption of industrial processes.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top