CVE-2025-66607 identifies a vulnerability categorized under CWE-358 (Improperly Controlled Modification of Object Prototype Attributes) in Yokogawa Electric Corporation's FAST/TOOLS software, specifically affecting versions R9.01 through R10.04 across multiple packages including RVSVRN, UNSVRN, HMIWEB, FTEES, and HMIMOB. The vulnerability arises from an insecure configuration in the HTTP response headers sent by the affected software. This misconfiguration can be exploited by attackers to perform HTTP response splitting or header injection attacks, enabling them to redirect legitimate users to malicious external websites without their consent. The attack vector is network-based (AV:N), with high attack complexity (AC:H), and does not require authentication (PR:N) or user interaction (UI:N). The impact primarily affects confidentiality and integrity by potentially exposing users to phishing or malware distribution via redirection. The vulnerability does not affect availability and does not require scope changes or privileges. Although no known exploits are currently reported in the wild, the medium CVSS score of 6.3 reflects the moderate risk posed by this vulnerability. FAST/TOOLS is widely used in industrial automation and control systems, making this vulnerability relevant to operational technology environments. The lack of available patches at the time of reporting necessitates immediate mitigation through configuration hardening and network controls.

For European organizations, especially those in industrial sectors such as manufacturing, energy, and utilities that rely on Yokogawa's FAST/TOOLS for process control and monitoring, this vulnerability poses a risk of user redirection to malicious sites. This could lead to phishing attacks, credential theft, or malware infections that compromise operational technology environments. The confidentiality of user sessions and integrity of system interactions may be undermined, potentially disrupting trust in control systems interfaces. While the vulnerability does not directly impact system availability, successful exploitation could facilitate further attacks that might escalate to operational disruptions. Given the critical nature of industrial control systems in Europe’s economy and infrastructure, even medium-severity vulnerabilities warrant prompt attention to prevent potential cascading effects. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially from targeted attackers aware of this weakness.

1. Immediately review and harden HTTP response header configurations in FAST/TOOLS deployments to eliminate insecure settings that allow header injection or response splitting. 2. Monitor network traffic for unusual HTTP redirects or anomalies indicative of exploitation attempts. 3. Implement strict Content Security Policy (CSP) headers and HTTP Strict Transport Security (HSTS) to reduce the risk of malicious redirections. 4. Restrict access to FAST/TOOLS web interfaces to trusted networks and enforce strong network segmentation between IT and OT environments. 5. Apply vendor patches or updates as soon as they become available; maintain close communication with Yokogawa for security advisories. 6. Conduct regular security assessments and penetration testing focused on web interface vulnerabilities. 7. Educate users and operators about phishing risks associated with unexpected redirects. 8. Employ web application firewalls (WAFs) with rules targeting HTTP header manipulation attacks. 9. Maintain comprehensive logging and alerting to detect suspicious activities related to HTTP responses. 10. Coordinate with industrial cybersecurity teams to integrate these mitigations into broader OT security frameworks.