Search

Find a vulnerability

Search criteria

    109 vulnerabilities by Yokogawa Electric Corporation

    CVE-2026-11833 (GCVE-0-2026-11833)

    Vulnerability from nvd – Published: 2026-06-23 00:53 – Updated: 2026-06-23 12:17
    VLAI
    Summary
    Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server (All packages) R1.01 to R1.04
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext transmission of sensitive information
    Assigner
    Impacted products
    Date Public
    2026-06-22 18:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11833",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T12:17:05.794821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T12:17:17.439Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "CI Server",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R1.04",
                  "status": "affected",
                  "version": "R1.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-06-22T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Overview: \nA vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could \nbe exploited by an attacker for other attacks. \n\n\u003cdiv\u003eThe affected products and versions are as follows:\n\u003cbr\u003eFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\n\u003cbr\u003eCI Server\u0026nbsp;(All packages)\u0026nbsp;R1.01 to R1.04\u003c/div\u003e"
                }
              ],
              "value": "Overview: \nA vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could \nbe exploited by an attacker for other attacks. \n\nThe affected products and versions are as follows:\n\nFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\n\nCI Server\u00a0(All packages)\u00a0R1.01 to R1.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext transmission of sensitive information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-23T00:53:43.698Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39777/files/YSAR-26-0004-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2026-11833",
        "datePublished": "2026-06-23T00:53:43.698Z",
        "dateReserved": "2026-06-09T22:13:24.421Z",
        "dateUpdated": "2026-06-23T12:17:17.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7741 (GCVE-0-2025-7741)

    Vulnerability from nvd – Published: 2026-03-30 00:01 – Updated: 2026-03-30 15:03
    VLAI
    Summary
    Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default permission for the PROG users is S1 permission (equivalent to OFFUSER). Therefore, for properly permission-controlled targets of operation and monitoring, even if an attacker user in as the PROG user, the risk of critical operations or configuration changes being performed is considered low. (If the PROG user's permissions have been changed for any reason, there is a risk that operations or configuration changes may be performed under the modified permissions. The CVSS values below are for the default permissions.) Additionally, exploiting this vulnerability requires an attacker to already have access to the HIS screen controls. Therefore, an attacker can already operate and monitor at that point, regardless of this vulnerability. The conditions under which this vulnerability is exploited: If all of the following conditions are met, the affected products are vulnerable to this vulnerability. -An attacker obtains the hardcoded password using a certain method. -The HIS with the affected product installed is configured in CTM authentication mode. -An attacker must have direct access to the aforementioned HIS or be able to break into it remotely using a certain method and perform screen operations. The affected products and versions are as follows: CENTUM VP R5.01.00 to R5.04.20, R6.01.00 to R6.12.00 and R7.01.00.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-259 - Use of hard-coded password
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation CENTUM VP Affected: R5.01.00 , ≤ R5.04.20 (custom)
    Affected: R6.01.00 , ≤ R6.12.00 (custom)
    Affected: R7.01.00
    Create a notification for this product.
    Date Public
    2026-03-30 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7741",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T15:02:49.410485Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-30T15:03:00.408Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "CENTUM VP",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R5.04.20",
                  "status": "affected",
                  "version": "R5.01.00",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "R6.12.00",
                  "status": "affected",
                  "version": "R6.01.00",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "R7.01.00"
                }
              ]
            }
          ],
          "datePublic": "2026-03-30T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hardcoded Password Vulnerability have been found in CENTUM.\u0026nbsp;Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user.\n\u003cbr\u003eThe default permission for the PROG users is S1 permission (equivalent to OFFUSER). Therefore, for properly permission-controlled targets of operation and monitoring, even if an attacker user in as the PROG user, the risk of critical operations or configuration changes being performed is considered low. (If the PROG user\u0027s permissions have been changed for any reason, there is a risk that operations or configuration changes may be performed under the modified permissions. The CVSS values below are for the default permissions.)\n\u003cbr\u003eAdditionally, exploiting this vulnerability requires an attacker to already have access to the HIS screen controls. Therefore, an attacker can already operate and monitor at that point, regardless of this vulnerability.\n\u003cbr\u003eThe conditions under which this vulnerability is exploited:\n\u003cbr\u003eIf all of the following conditions are met, the affected products are vulnerable to this vulnerability.\n\u003cbr\u003e-An attacker obtains the hardcoded password using a certain method.\n\u003cbr\u003e-The HIS with the affected product installed is configured in CTM authentication mode.\n\u003cbr\u003e-An attacker must have direct access to the aforementioned HIS or be able to break into it remotely using a certain method and perform screen operations.\n\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003eThe affected products and versions are as follows: CENTUM VP R5.01.00 to R5.04.20, R6.01.00 to R6.12.00 and R7.01.00.\u003c/div\u003e"
                }
              ],
              "value": "Hardcoded Password Vulnerability have been found in CENTUM.\u00a0Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user.\n\nThe default permission for the PROG users is S1 permission (equivalent to OFFUSER). Therefore, for properly permission-controlled targets of operation and monitoring, even if an attacker user in as the PROG user, the risk of critical operations or configuration changes being performed is considered low. (If the PROG user\u0027s permissions have been changed for any reason, there is a risk that operations or configuration changes may be performed under the modified permissions. The CVSS values below are for the default permissions.)\n\nAdditionally, exploiting this vulnerability requires an attacker to already have access to the HIS screen controls. Therefore, an attacker can already operate and monitor at that point, regardless of this vulnerability.\n\nThe conditions under which this vulnerability is exploited:\n\nIf all of the following conditions are met, the affected products are vulnerable to this vulnerability.\n\n-An attacker obtains the hardcoded password using a certain method.\n\n-The HIS with the affected product installed is configured in CTM authentication mode.\n\n-An attacker must have direct access to the aforementioned HIS or be able to break into it remotely using a certain method and perform screen operations.\n\n\nThe affected products and versions are as follows: CENTUM VP R5.01.00 to R5.04.20, R6.01.00 to R6.12.00 and R7.01.00."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "CWE-259 Use of hard-coded password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T00:01:11.948Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39531/files/YSAR-26-0003-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-7741",
        "datePublished": "2026-03-30T00:01:11.948Z",
        "dateReserved": "2025-07-17T06:32:40.148Z",
        "dateUpdated": "2026-03-30T15:03:00.408Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48023 (GCVE-0-2025-48023)

    Vulnerability from nvd – Published: 2026-02-13 05:00 – Updated: 2026-02-13 12:50
    VLAI
    Summary
    A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation Vnet/IP Interface Package Affected: R1.07.00 or earlier (custom)
    Create a notification for this product.
    Date Public
    2026-02-13 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48023",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T12:48:44.961379Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T12:50:44.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Vnet/IP Interface Package",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "R1.07.00 or earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-13T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\u003cbr\u003eIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\u003cbr\u003eThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
                }
              ],
              "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T05:00:05.985Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-48023",
        "datePublished": "2026-02-13T05:00:05.985Z",
        "dateReserved": "2025-05-15T03:31:13.259Z",
        "dateUpdated": "2026-02-13T12:50:44.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48022 (GCVE-0-2025-48022)

    Vulnerability from nvd – Published: 2026-02-13 04:58 – Updated: 2026-02-13 12:35
    VLAI
    Summary
    A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation Vnet/IP Interface Package Affected: R1.07.00 or earlier (custom)
    Create a notification for this product.
    Date Public
    2026-02-13 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48022",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T12:34:51.349166Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T12:35:05.068Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Vnet/IP Interface Package",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "R1.07.00 or earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-13T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\u003cbr\u003eIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\u003cbr\u003eThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
                }
              ],
              "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-130",
                  "description": "CWE-130",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T04:58:12.391Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-48022",
        "datePublished": "2026-02-13T04:58:12.391Z",
        "dateReserved": "2025-05-15T03:31:13.259Z",
        "dateUpdated": "2026-02-13T12:35:05.068Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48021 (GCVE-0-2025-48021)

    Vulnerability from nvd – Published: 2026-02-13 04:56 – Updated: 2026-02-13 12:54
    VLAI
    Summary
    A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation Vnet/IP Interface Package Affected: R1.07.00 or earlier (custom)
    Create a notification for this product.
    Date Public
    2026-02-13 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48021",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T12:54:42.873310Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T12:54:59.214Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Vnet/IP Interface Package",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "R1.07.00 or earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-13T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\u003cbr\u003eIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\u003cbr\u003eThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
                }
              ],
              "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T04:56:15.651Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-48021",
        "datePublished": "2026-02-13T04:56:15.651Z",
        "dateReserved": "2025-05-15T03:31:13.259Z",
        "dateUpdated": "2026-02-13T12:54:59.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48020 (GCVE-0-2025-48020)

    Vulnerability from nvd – Published: 2026-02-13 04:54 – Updated: 2026-02-13 12:55
    VLAI
    Summary
    A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation Vnet/IP Interface Package Affected: R1.07.00 or earlier (custom)
    Create a notification for this product.
    Date Public
    2026-02-13 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48020",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T12:55:37.940053Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T12:55:50.520Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Vnet/IP Interface Package",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "R1.07.00 or earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-13T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\u003cbr\u003eIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\u003cbr\u003eThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
                }
              ],
              "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T04:54:09.449Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-48020",
        "datePublished": "2026-02-13T04:54:09.449Z",
        "dateReserved": "2025-05-15T03:31:13.259Z",
        "dateUpdated": "2026-02-13T12:55:50.520Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48019 (GCVE-0-2025-48019)

    Vulnerability from nvd – Published: 2026-02-13 04:51 – Updated: 2026-02-13 17:04
    VLAI
    Summary
    A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation Vnet/IP Interface Package Affected: R1.07.00 or earlier (custom)
    Create a notification for this product.
    Date Public
    2026-02-13 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48019",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T17:04:02.810657Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T17:04:11.701Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Vnet/IP Interface Package",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "R1.07.00 or earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-13T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\u003cbr\u003eIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\u003cbr\u003eThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
                }
              ],
              "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T04:51:46.316Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-48019",
        "datePublished": "2026-02-13T04:51:46.316Z",
        "dateReserved": "2025-05-15T03:31:13.258Z",
        "dateUpdated": "2026-02-13T17:04:11.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1924 (GCVE-0-2025-1924)

    Vulnerability from nvd – Published: 2026-02-13 04:46 – Updated: 2026-02-13 13:07
    VLAI
    Summary
    A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation Vnet/IP Interface Package Affected: R1.07.00 or earlier (custom)
    Create a notification for this product.
    Date Public
    2026-02-13 03:41
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1924",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T13:06:54.726341Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T13:07:18.570Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Vnet/IP Interface Package",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "R1.07.00 or earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-13T03:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\u003cbr\u003eIf affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed.\u003cbr\u003eThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
                }
              ],
              "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T04:46:05.460Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-1924",
        "datePublished": "2026-02-13T04:46:05.460Z",
        "dateReserved": "2025-03-04T06:24:10.217Z",
        "dateUpdated": "2026-02-13T13:07:18.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66598 (GCVE-0-2025-66598)

    Vulnerability from nvd – Published: 2026-02-09 03:26 – Updated: 2026-02-09 19:05
    VLAI
    Summary
    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
    Create a notification for this product.
    Date Public
    2026-02-09 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66598",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T19:02:34.873870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T19:05:56.310Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-09T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product supports\nold SSL/TLS versions, potentially allowing an attacker to decrypt\ncommunications with the web server.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product supports\nold SSL/TLS versions, potentially allowing an attacker to decrypt\ncommunications with the web server.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T03:26:46.511Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-66598",
        "datePublished": "2026-02-09T03:26:46.511Z",
        "dateReserved": "2025-12-05T05:04:18.582Z",
        "dateUpdated": "2026-02-09T19:05:56.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66597 (GCVE-0-2025-66597)

    Vulnerability from nvd – Published: 2026-02-09 03:31 – Updated: 2026-02-09 19:05
    VLAI
    Summary
    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
    Create a notification for this product.
    Date Public
    2026-02-09 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66597",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T19:04:07.137754Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T19:05:50.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-09T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product supports\nweak cryptographic algorithms, potentially allowing an attacker to decrypt\ncommunications with the web server.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product supports\nweak cryptographic algorithms, potentially allowing an attacker to decrypt\ncommunications with the web server.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T03:31:24.991Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-66597",
        "datePublished": "2026-02-09T03:31:24.991Z",
        "dateReserved": "2025-12-05T05:04:18.582Z",
        "dateUpdated": "2026-02-09T19:05:50.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66596 (GCVE-0-2025-66596)

    Vulnerability from nvd – Published: 2026-02-09 03:35 – Updated: 2026-02-09 19:05
    VLAI
    Summary
    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
    Create a notification for this product.
    Date Public
    2026-02-09 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66596",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T19:04:04.739597Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T19:05:44.946Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-09T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product does not\nproperly validate request headers. When an attacker inserts an invalid host\nheader, users could be redirected to malicious sites.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product does not\nproperly validate request headers. When an attacker inserts an invalid host\nheader, users could be redirected to malicious sites.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T03:35:28.896Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-66596",
        "datePublished": "2026-02-09T03:35:28.896Z",
        "dateReserved": "2025-12-05T05:04:18.582Z",
        "dateUpdated": "2026-02-09T19:05:44.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66595 (GCVE-0-2025-66595)

    Vulnerability from nvd – Published: 2026-02-09 03:36 – Updated: 2026-02-09 19:05
    VLAI
    Summary
    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery (CSRF). When a user accesses a link crafted by an attacker, the user’s account could be compromised. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
    Create a notification for this product.
    Date Public
    2026-02-09 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66595",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T19:02:33.376319Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T19:05:39.419Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-09T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product is\nvulnerable to Cross-Site Request Forgery (CSRF). When a user accesses a link\ncrafted by an attacker, the user\u2019s account could be compromised.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product is\nvulnerable to Cross-Site Request Forgery (CSRF). When a user accesses a link\ncrafted by an attacker, the user\u2019s account could be compromised.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T03:36:38.506Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-66595",
        "datePublished": "2026-02-09T03:36:38.506Z",
        "dateReserved": "2025-12-05T05:04:18.582Z",
        "dateUpdated": "2026-02-09T19:05:39.419Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66594 (GCVE-0-2025-66594)

    Vulnerability from nvd – Published: 2026-02-09 03:37 – Updated: 2026-02-09 19:05
    VLAI
    Summary
    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
    Create a notification for this product.
    Date Public
    2026-02-09 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66594",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T19:04:02.805773Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T19:05:33.989Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-09T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\u003cp\u003eDetailed messages are displayed on the error\npage. This information could be exploited by an attacker for other attacks.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\nDetailed messages are displayed on the error\npage. This information could be exploited by an attacker for other attacks.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T03:37:30.800Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-66594",
        "datePublished": "2026-02-09T03:37:30.800Z",
        "dateReserved": "2025-12-05T05:04:18.581Z",
        "dateUpdated": "2026-02-09T19:05:33.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66608 (GCVE-0-2025-66608)

    Vulnerability from nvd – Published: 2026-02-09 03:11 – Updated: 2026-02-09 19:06
    VLAI
    Summary
    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. An attacker could send specially crafted requests to steal files from the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
    Create a notification for this product.
    Date Public
    2026-02-09 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66608",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T19:04:14.451633Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T19:06:39.777Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-09T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product does not\nproperly validate URLs. An attacker could send specially crafted requests to\nsteal files from the web server.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product does not\nproperly validate URLs. An attacker could send specially crafted requests to\nsteal files from the web server.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-29",
                  "description": "CWE-29",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T03:11:56.893Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-66608",
        "datePublished": "2026-02-09T03:11:56.893Z",
        "dateReserved": "2025-12-05T05:04:40.516Z",
        "dateUpdated": "2026-02-09T19:06:39.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66607 (GCVE-0-2025-66607)

    Vulnerability from nvd – Published: 2026-02-09 03:09 – Updated: 2026-02-09 19:06
    VLAI
    Summary
    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
    Create a notification for this product.
    Date Public
    2026-02-09 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66607",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T19:02:44.079629Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T19:06:45.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-09T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThe response header\ncontains an insecure setting. Users could be redirected to malicious sites by\nan attacker.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThe response header\ncontains an insecure setting. Users could be redirected to malicious sites by\nan attacker.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-358",
                  "description": "CWE-358",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T03:09:05.605Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-66607",
        "datePublished": "2026-02-09T03:09:05.605Z",
        "dateReserved": "2025-12-05T05:04:40.515Z",
        "dateUpdated": "2026-02-09T19:06:45.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66606 (GCVE-0-2025-66606)

    Vulnerability from nvd – Published: 2026-02-09 03:06 – Updated: 2026-02-09 19:06
    VLAI
    Summary
    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
    Create a notification for this product.
    Date Public
    2026-02-09 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66606",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T19:02:46.397363Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T19:06:50.934Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-09T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product does not\nproperly encode URLs. An attacker could tamper with web pages or execute\nmalicious scripts.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product does not\nproperly encode URLs. An attacker could tamper with web pages or execute\nmalicious scripts.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-86",
                  "description": "CWE-86",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T03:06:00.996Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-66606",
        "datePublished": "2026-02-09T03:06:00.996Z",
        "dateReserved": "2025-12-05T05:04:40.514Z",
        "dateUpdated": "2026-02-09T19:06:50.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66605 (GCVE-0-2025-66605)

    Vulnerability from nvd – Published: 2026-02-09 03:13 – Updated: 2026-02-09 19:06
    VLAI
    Summary
    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
    Create a notification for this product.
    Date Public
    2026-02-09 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66605",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T19:02:42.053005Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T19:06:34.439Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-09T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eSince there are input\nfields on this webpage with the autocomplete attribute enabled, the input\ncontent could be saved in the browser the user is using.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nSince there are input\nfields on this webpage with the autocomplete attribute enabled, the input\ncontent could be saved in the browser the user is using.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T03:13:02.297Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-66605",
        "datePublished": "2026-02-09T03:13:02.297Z",
        "dateReserved": "2025-12-05T05:04:40.514Z",
        "dateUpdated": "2026-02-09T19:06:34.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66604 (GCVE-0-2025-66604)

    Vulnerability from nvd – Published: 2026-02-09 03:14 – Updated: 2026-02-09 19:06
    VLAI
    Summary
    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
    Create a notification for this product.
    Date Public
    2026-02-09 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66604",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T19:02:40.022823Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T19:06:28.790Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-09T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThe library version\ncould be displayed on the web page. This information could be exploited by an\nattacker for other attacks.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThe library version\ncould be displayed on the web page. This information could be exploited by an\nattacker for other attacks.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T03:14:10.253Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-66604",
        "datePublished": "2026-02-09T03:14:10.253Z",
        "dateReserved": "2025-12-05T05:04:40.512Z",
        "dateUpdated": "2026-02-09T19:06:28.790Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66603 (GCVE-0-2025-66603)

    Vulnerability from nvd – Published: 2026-02-09 03:15 – Updated: 2026-02-09 19:06
    VLAI
    Summary
    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts the OPTIONS method. An attacker could potentially use this information to carry out other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
    Create a notification for this product.
    Date Public
    2026-02-09 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66603",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T19:02:38.058046Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T19:06:23.795Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-09T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThe web server accepts\nthe OPTIONS method. An attacker could potentially use this information to carry\nout other attacks.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThe web server accepts\nthe OPTIONS method. An attacker could potentially use this information to carry\nout other attacks.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-358",
                  "description": "CWE-358",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T03:15:41.396Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-66603",
        "datePublished": "2026-02-09T03:15:41.396Z",
        "dateReserved": "2025-12-05T05:04:18.583Z",
        "dateUpdated": "2026-02-09T19:06:23.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66602 (GCVE-0-2025-66602)

    Vulnerability from nvd – Published: 2026-02-09 03:16 – Updated: 2026-02-09 19:06
    VLAI
    Summary
    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes into the network, it could potentially be attacked by the worm. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
    Create a notification for this product.
    Date Public
    2026-02-09 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66602",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T19:04:12.574305Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T19:06:18.987Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-09T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThe web server accepts\naccess by IP address. When a worm that randomly searches for IP addresses\nintrudes into the network, it could potentially be attacked by the worm.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThe web server accepts\naccess by IP address. When a worm that randomly searches for IP addresses\nintrudes into the network, it could potentially be attacked by the worm.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-291",
                  "description": "CWE-291",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T03:16:47.620Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-66602",
        "datePublished": "2026-02-09T03:16:47.620Z",
        "dateReserved": "2025-12-05T05:04:18.583Z",
        "dateUpdated": "2026-02-09T19:06:18.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66601 (GCVE-0-2025-66601)

    Vulnerability from nvd – Published: 2026-02-09 03:17 – Updated: 2026-02-09 19:06
    VLAI
    Summary
    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
    Create a notification for this product.
    Date Public
    2026-02-09 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T19:02:36.537093Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T19:06:13.694Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-09T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product does not\nspecify MIME types. When an attacker performs a content sniffing attack,\nmalicious scripts could be executed.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product does not\nspecify MIME types. When an attacker performs a content sniffing attack,\nmalicious scripts could be executed.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-358",
                  "description": "CWE-358",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T03:17:59.547Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-66601",
        "datePublished": "2026-02-09T03:17:59.547Z",
        "dateReserved": "2025-12-05T05:04:18.583Z",
        "dateUpdated": "2026-02-09T19:06:13.694Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66600 (GCVE-0-2025-66600)

    Vulnerability from nvd – Published: 2026-02-09 03:24 – Updated: 2026-02-09 19:06
    VLAI
    Summary
    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS (HTTP Strict Transport Security) configuration. When an attacker performs a Man in the middle (MITM) attack, communications with the web server could be sniffed. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation FAST/TOOLS Affected: R9.01 , ≤ R10.04 (custom)
    Create a notification for this product.
    Date Public
    2026-02-09 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-09T19:04:10.750639Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-09T19:06:08.322Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-09T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\u003c/p\u003e\n\n\u003cp\u003eThis product lacks\nHSTS (HTTP Strict Transport Security) configuration. When an attacker performs\na Man in the middle (MITM) attack, communications with the web server could be\nsniffed.\u003c/p\u003e\n\n\u003cp\u003eThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.\n\n\n\nThis product lacks\nHSTS (HTTP Strict Transport Security) configuration. When an attacker performs\na Man in the middle (MITM) attack, communications with the web server could be\nsniffed.\n\n\n\nThe\naffected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to\nR10.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-358",
                  "description": "CWE-358",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-09T03:24:33.044Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39206/files/YSAR-26-0001-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-66600",
        "datePublished": "2026-02-09T03:24:33.044Z",
        "dateReserved": "2025-12-05T05:04:18.583Z",
        "dateUpdated": "2026-02-09T19:06:08.322Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11833 (GCVE-0-2026-11833)

    Vulnerability from cvelistv5 – Published: 2026-06-23 00:53 – Updated: 2026-06-23 12:17
    VLAI
    Summary
    Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server (All packages) R1.01 to R1.04
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext transmission of sensitive information
    Assigner
    Impacted products
    Date Public
    2026-06-22 18:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11833",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T12:17:05.794821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T12:17:17.439Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "FAST/TOOLS",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R10.04",
                  "status": "affected",
                  "version": "R9.01",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "CI Server",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R1.04",
                  "status": "affected",
                  "version": "R1.01",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-06-22T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Overview: \nA vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could \nbe exploited by an attacker for other attacks. \n\n\u003cdiv\u003eThe affected products and versions are as follows:\n\u003cbr\u003eFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\n\u003cbr\u003eCI Server\u0026nbsp;(All packages)\u0026nbsp;R1.01 to R1.04\u003c/div\u003e"
                }
              ],
              "value": "Overview: \nA vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could \nbe exploited by an attacker for other attacks. \n\nThe affected products and versions are as follows:\n\nFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\n\nCI Server\u00a0(All packages)\u00a0R1.01 to R1.04"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext transmission of sensitive information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-23T00:53:43.698Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39777/files/YSAR-26-0004-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2026-11833",
        "datePublished": "2026-06-23T00:53:43.698Z",
        "dateReserved": "2026-06-09T22:13:24.421Z",
        "dateUpdated": "2026-06-23T12:17:17.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7741 (GCVE-0-2025-7741)

    Vulnerability from cvelistv5 – Published: 2026-03-30 00:01 – Updated: 2026-03-30 15:03
    VLAI
    Summary
    Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default permission for the PROG users is S1 permission (equivalent to OFFUSER). Therefore, for properly permission-controlled targets of operation and monitoring, even if an attacker user in as the PROG user, the risk of critical operations or configuration changes being performed is considered low. (If the PROG user's permissions have been changed for any reason, there is a risk that operations or configuration changes may be performed under the modified permissions. The CVSS values below are for the default permissions.) Additionally, exploiting this vulnerability requires an attacker to already have access to the HIS screen controls. Therefore, an attacker can already operate and monitor at that point, regardless of this vulnerability. The conditions under which this vulnerability is exploited: If all of the following conditions are met, the affected products are vulnerable to this vulnerability. -An attacker obtains the hardcoded password using a certain method. -The HIS with the affected product installed is configured in CTM authentication mode. -An attacker must have direct access to the aforementioned HIS or be able to break into it remotely using a certain method and perform screen operations. The affected products and versions are as follows: CENTUM VP R5.01.00 to R5.04.20, R6.01.00 to R6.12.00 and R7.01.00.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-259 - Use of hard-coded password
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation CENTUM VP Affected: R5.01.00 , ≤ R5.04.20 (custom)
    Affected: R6.01.00 , ≤ R6.12.00 (custom)
    Affected: R7.01.00
    Create a notification for this product.
    Date Public
    2026-03-30 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7741",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T15:02:49.410485Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-30T15:03:00.408Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "CENTUM VP",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "R5.04.20",
                  "status": "affected",
                  "version": "R5.01.00",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "R6.12.00",
                  "status": "affected",
                  "version": "R6.01.00",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "R7.01.00"
                }
              ]
            }
          ],
          "datePublic": "2026-03-30T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hardcoded Password Vulnerability have been found in CENTUM.\u0026nbsp;Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user.\n\u003cbr\u003eThe default permission for the PROG users is S1 permission (equivalent to OFFUSER). Therefore, for properly permission-controlled targets of operation and monitoring, even if an attacker user in as the PROG user, the risk of critical operations or configuration changes being performed is considered low. (If the PROG user\u0027s permissions have been changed for any reason, there is a risk that operations or configuration changes may be performed under the modified permissions. The CVSS values below are for the default permissions.)\n\u003cbr\u003eAdditionally, exploiting this vulnerability requires an attacker to already have access to the HIS screen controls. Therefore, an attacker can already operate and monitor at that point, regardless of this vulnerability.\n\u003cbr\u003eThe conditions under which this vulnerability is exploited:\n\u003cbr\u003eIf all of the following conditions are met, the affected products are vulnerable to this vulnerability.\n\u003cbr\u003e-An attacker obtains the hardcoded password using a certain method.\n\u003cbr\u003e-The HIS with the affected product installed is configured in CTM authentication mode.\n\u003cbr\u003e-An attacker must have direct access to the aforementioned HIS or be able to break into it remotely using a certain method and perform screen operations.\n\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003eThe affected products and versions are as follows: CENTUM VP R5.01.00 to R5.04.20, R6.01.00 to R6.12.00 and R7.01.00.\u003c/div\u003e"
                }
              ],
              "value": "Hardcoded Password Vulnerability have been found in CENTUM.\u00a0Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user.\n\nThe default permission for the PROG users is S1 permission (equivalent to OFFUSER). Therefore, for properly permission-controlled targets of operation and monitoring, even if an attacker user in as the PROG user, the risk of critical operations or configuration changes being performed is considered low. (If the PROG user\u0027s permissions have been changed for any reason, there is a risk that operations or configuration changes may be performed under the modified permissions. The CVSS values below are for the default permissions.)\n\nAdditionally, exploiting this vulnerability requires an attacker to already have access to the HIS screen controls. Therefore, an attacker can already operate and monitor at that point, regardless of this vulnerability.\n\nThe conditions under which this vulnerability is exploited:\n\nIf all of the following conditions are met, the affected products are vulnerable to this vulnerability.\n\n-An attacker obtains the hardcoded password using a certain method.\n\n-The HIS with the affected product installed is configured in CTM authentication mode.\n\n-An attacker must have direct access to the aforementioned HIS or be able to break into it remotely using a certain method and perform screen operations.\n\n\nThe affected products and versions are as follows: CENTUM VP R5.01.00 to R5.04.20, R6.01.00 to R6.12.00 and R7.01.00."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "CWE-259 Use of hard-coded password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T00:01:11.948Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39531/files/YSAR-26-0003-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-7741",
        "datePublished": "2026-03-30T00:01:11.948Z",
        "dateReserved": "2025-07-17T06:32:40.148Z",
        "dateUpdated": "2026-03-30T15:03:00.408Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48023 (GCVE-0-2025-48023)

    Vulnerability from cvelistv5 – Published: 2026-02-13 05:00 – Updated: 2026-02-13 12:50
    VLAI
    Summary
    A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation Vnet/IP Interface Package Affected: R1.07.00 or earlier (custom)
    Create a notification for this product.
    Date Public
    2026-02-13 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48023",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T12:48:44.961379Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T12:50:44.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Vnet/IP Interface Package",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "R1.07.00 or earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-13T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\u003cbr\u003eIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\u003cbr\u003eThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
                }
              ],
              "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T05:00:05.985Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-48023",
        "datePublished": "2026-02-13T05:00:05.985Z",
        "dateReserved": "2025-05-15T03:31:13.259Z",
        "dateUpdated": "2026-02-13T12:50:44.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48022 (GCVE-0-2025-48022)

    Vulnerability from cvelistv5 – Published: 2026-02-13 04:58 – Updated: 2026-02-13 12:35
    VLAI
    Summary
    A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation Vnet/IP Interface Package Affected: R1.07.00 or earlier (custom)
    Create a notification for this product.
    Date Public
    2026-02-13 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48022",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T12:34:51.349166Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T12:35:05.068Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Vnet/IP Interface Package",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "R1.07.00 or earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-13T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\u003cbr\u003eIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\u003cbr\u003eThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
                }
              ],
              "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-130",
                  "description": "CWE-130",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T04:58:12.391Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-48022",
        "datePublished": "2026-02-13T04:58:12.391Z",
        "dateReserved": "2025-05-15T03:31:13.259Z",
        "dateUpdated": "2026-02-13T12:35:05.068Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48021 (GCVE-0-2025-48021)

    Vulnerability from cvelistv5 – Published: 2026-02-13 04:56 – Updated: 2026-02-13 12:54
    VLAI
    Summary
    A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation Vnet/IP Interface Package Affected: R1.07.00 or earlier (custom)
    Create a notification for this product.
    Date Public
    2026-02-13 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48021",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T12:54:42.873310Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T12:54:59.214Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Vnet/IP Interface Package",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "R1.07.00 or earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-13T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\u003cbr\u003eIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\u003cbr\u003eThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
                }
              ],
              "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T04:56:15.651Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-48021",
        "datePublished": "2026-02-13T04:56:15.651Z",
        "dateReserved": "2025-05-15T03:31:13.259Z",
        "dateUpdated": "2026-02-13T12:54:59.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48020 (GCVE-0-2025-48020)

    Vulnerability from cvelistv5 – Published: 2026-02-13 04:54 – Updated: 2026-02-13 12:55
    VLAI
    Summary
    A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation Vnet/IP Interface Package Affected: R1.07.00 or earlier (custom)
    Create a notification for this product.
    Date Public
    2026-02-13 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48020",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T12:55:37.940053Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T12:55:50.520Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Vnet/IP Interface Package",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "R1.07.00 or earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-13T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\u003cbr\u003eIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\u003cbr\u003eThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
                }
              ],
              "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T04:54:09.449Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-48020",
        "datePublished": "2026-02-13T04:54:09.449Z",
        "dateReserved": "2025-05-15T03:31:13.259Z",
        "dateUpdated": "2026-02-13T12:55:50.520Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48019 (GCVE-0-2025-48019)

    Vulnerability from cvelistv5 – Published: 2026-02-13 04:51 – Updated: 2026-02-13 17:04
    VLAI
    Summary
    A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation Vnet/IP Interface Package Affected: R1.07.00 or earlier (custom)
    Create a notification for this product.
    Date Public
    2026-02-13 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48019",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T17:04:02.810657Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T17:04:11.701Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Vnet/IP Interface Package",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "R1.07.00 or earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-13T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\u003cbr\u003eIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\u003cbr\u003eThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
                }
              ],
              "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T04:51:46.316Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-48019",
        "datePublished": "2026-02-13T04:51:46.316Z",
        "dateReserved": "2025-05-15T03:31:13.258Z",
        "dateUpdated": "2026-02-13T17:04:11.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1924 (GCVE-0-2025-1924)

    Vulnerability from cvelistv5 – Published: 2026-02-13 04:46 – Updated: 2026-02-13 13:07
    VLAI
    Summary
    A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation Vnet/IP Interface Package Affected: R1.07.00 or earlier (custom)
    Create a notification for this product.
    Date Public
    2026-02-13 03:41
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1924",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-13T13:06:54.726341Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-13T13:07:18.570Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Vnet/IP Interface Package",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "R1.07.00 or earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-02-13T03:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\u003cbr\u003eIf affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed.\u003cbr\u003eThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
                }
              ],
              "value": "A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.\nIf affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed.\nThe affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T04:46:05.460Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2025-1924",
        "datePublished": "2026-02-13T04:46:05.460Z",
        "dateReserved": "2025-03-04T06:24:10.217Z",
        "dateUpdated": "2026-02-13T13:07:18.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }