Se ha encontrado una vulnerabilidad en FAST/TOOLS proporcionado por Yokogawa Electric Corporation. Este producto es vulnerable a Cross-Site Request Forgery (CSRF). Cuando un usuario accede a un enlace elaborado por un at

Successful exploitation of this CSRF vulnerability allows an attacker to perform actions on behalf of an authenticated user without their knowledge or consent. This could include modifying user settings, accessing sensitive data, or even initiating unauthorized operations within the FAST/TOOLS system. The potential impact is significant, particularly in environments where FAST/TOOLS manages critical industrial processes, as an attacker could potentially disrupt operations or gain unauthorized access to control systems. The blast radius extends to any user with access to the affected FAST/TOOLS instance.

Organizations utilizing Yokogawa FAST/TOOLS for industrial automation and control systems are at risk, particularly those with legacy configurations or shared hosting environments. Users with elevated privileges within FAST/TOOLS are at higher risk of exploitation.

1. 2026-02-09Disclosure

   disclosure

1. Reservado2025-12-05
2. Publicada2026-02-09
3. EPSS actualizado2026-03-23

Until a patch is released by Yokogawa, several mitigation strategies can be employed. Implement strict input validation and output encoding to prevent malicious scripts from being injected. Consider implementing CSRF tokens for all sensitive operations within FAST/TOOLS. Restrict access to FAST/TOOLS based on the principle of least privilege. Monitor network traffic for suspicious requests originating from untrusted sources. After a patch is released, upgrade FAST/TOOLS to the fixed version and verify the mitigation by attempting to trigger a CSRF attack with a known payload – the request should be blocked or require authentication.