CVE-2025-66606 identifies a vulnerability in Yokogawa Electric Corporation's FAST/TOOLS software, specifically versions R9.01 through R10.04, affecting several packages such as RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB. The root cause is improper URL encoding, which allows attackers to manipulate web pages or execute malicious scripts, classifying this as a CWE-86 (Improper Neutralization of URL Encoding). This vulnerability can lead to cross-site scripting (XSS)-like attacks where crafted URLs can inject malicious scripts into the web interface of the FAST/TOOLS system. The CVSS 4.0 vector indicates network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), user interaction required (UI:A), low impact on confidentiality (C:L), and no impact on integrity or availability. The scope is limited, and no known exploits have been reported in the wild. The vulnerability affects the web-based components of the industrial control system, which are critical for monitoring and controlling industrial processes. Improper URL encoding can lead to session hijacking, data manipulation, or unauthorized actions if exploited, but the requirement for user interaction and high attack complexity reduce the risk. The vulnerability highlights the importance of secure input validation and encoding in industrial control system web interfaces to prevent injection attacks.

For European organizations, particularly those operating critical infrastructure and industrial automation systems, this vulnerability poses a moderate risk due to the widespread use of Yokogawa's FAST/TOOLS in sectors like energy, manufacturing, and utilities. While the CVSS score is low, successful exploitation could allow attackers to inject malicious scripts, potentially leading to session hijacking or manipulation of displayed data, which could disrupt monitoring or control operations. The requirement for user interaction and high attack complexity limits large-scale automated exploitation. However, targeted attacks against operators or administrators could lead to localized operational impacts or information disclosure. The vulnerability could also be leveraged as part of a multi-stage attack chain against industrial control systems. European organizations with web-facing FAST/TOOLS components should consider this vulnerability in their risk assessments, especially those in countries with significant industrial sectors or critical infrastructure dependencies on Yokogawa products.

Organizations should implement strict input validation and proper URL encoding in all web interfaces of FAST/TOOLS to prevent injection of malicious scripts. Since no official patches are currently listed, users should monitor Yokogawa's advisories for updates or patches addressing this issue. Network segmentation and restricting access to FAST/TOOLS web interfaces to trusted internal networks can reduce exposure. Employ web application firewalls (WAFs) with rules to detect and block suspicious URL encoding or script injection attempts. User awareness training should emphasize the risks of interacting with untrusted URLs related to industrial control system interfaces. Regular security assessments and penetration testing focused on web components of industrial control systems can help identify and remediate similar vulnerabilities. Logging and monitoring for unusual web requests or script execution attempts can provide early detection of exploitation attempts. Finally, consider disabling or restricting unnecessary web interface features or packages that are not in use to reduce the attack surface.