Primary

Context

Yokogawa FAST/TOOLS HSTS Configuration Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

Patched

A vulnerability exists in Yokogawa FAST/TOOLS versions R9.01 to R10.04, across several packages including RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB. The issue stems from the lack of HTTP Strict Transport Security (HSTS) configuration, which leaves communications with the web server vulnerable to interception during a man-in-the-middle (MITM) attack.

Impact

Exploitation of this vulnerability could lead to interception and sniffing of communications with the web server, allowing an attacker to potentially capture sensitive information or manipulate data in transit.

Remediation

Users are advised to update to FAST/TOOLS R10.04 SP3 and apply the patch software CS_e12787. For assistance, contact your local Yokogawa supporting office.

Added: Feb 9, 2026, 4:22 AM

Updated: Feb 9, 2026, 4:22 AM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

5.6

remediation

7.7

relevance

2.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

5.6

remediation

7.7

relevance

2.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Yokogawa FAST/TOOLS HSTS Configuration Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

Impact

Remediation

Affected Products

Yokogawa FAST/TOOLS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating