CVE-2025-66601 identifies a vulnerability classified under CWE-358 (Improperly Controlled Modification of Object Prototype Attributes) in Yokogawa Electric Corporation's FAST/TOOLS software, specifically versions R9.01 through R10.04. The root cause is the absence of explicit MIME type specification in the product's web components (packages RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB). This omission allows an attacker to exploit content sniffing behavior in browsers, where the browser attempts to infer the content type of a resource. By manipulating the content or headers, an attacker can cause the browser to execute malicious scripts embedded in responses that should otherwise be treated as non-executable content. The vulnerability is remotely exploitable without authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/AT:P/PR:N/UI:N). The partial impact on confidentiality and integrity suggests that while direct data theft or modification is limited, the execution of malicious scripts could lead to further compromise or disruption. The vulnerability affects critical industrial control system software widely used for monitoring and controlling industrial processes. No patches or exploits are currently publicly available, but the risk remains due to the nature of the flaw and the criticality of the affected systems.

For European organizations, particularly those in industrial sectors such as manufacturing, energy, and utilities that rely on Yokogawa's FAST/TOOLS for supervisory control and data acquisition (SCADA), this vulnerability poses a risk of unauthorized script execution within their control environments. While the immediate impact on confidentiality and integrity is limited, successful exploitation could enable attackers to execute arbitrary scripts that may disrupt operations, manipulate process data, or serve as a foothold for further attacks. Given the critical nature of industrial control systems, even limited script execution can have cascading effects on availability and safety. The lack of required authentication and user interaction increases the risk of remote exploitation. European organizations with interconnected networks or insufficient segmentation between corporate and operational technology (OT) environments are particularly vulnerable. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers often target industrial control systems for espionage or sabotage.

1. Monitor Yokogawa's official channels for patches or updates addressing this vulnerability and apply them promptly once available. 2. Implement strict Content-Type header enforcement on web servers and proxies serving FAST/TOOLS components to prevent browsers from performing content sniffing. 3. Use web application firewalls (WAFs) to detect and block suspicious requests that may attempt content sniffing attacks. 4. Segment industrial control networks from corporate IT networks to limit exposure and lateral movement opportunities. 5. Conduct regular security assessments and penetration tests focusing on web interfaces of industrial control systems. 6. Educate operational technology personnel about the risks of web-based attacks and ensure secure configuration of all web-facing components. 7. Employ network intrusion detection systems (NIDS) tuned to detect anomalous traffic patterns related to script injection or content sniffing attempts. 8. Restrict access to FAST/TOOLS web interfaces to trusted IP ranges and use VPNs or secure tunnels for remote access.