CVE-2025-66596

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows:...

CVE-2025-66608

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. An attacker could send specially crafted requests to steal files from the web server. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...

CVE-2025-66594

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

CVE-2025-66594

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

CVE-2025-66596

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows:...

CVE-2025-66599

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

CVE-2025-66603

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts the OPTIONS method. An attacker could potentially use this information to carry out other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

CVE-2025-66604

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN,...

CVE-2025-66607

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

CVE-2025-66607

CVE-2025-66607 affects Yokogawa FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) from R9.01 to R10.04. The root cause is an insecure response header setting that can allow a user to be redirected to malicious sites by an attacker. Documented impact is that redirects may occur, enablin...

PT-2026-7050

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes into the network, it could potentially be attacked by the worm. The affected products and versions are ...

Metasploit Module Released for Patched Honeywell ICS Vulnerability

Metasploit today released an exploit module for a serious vulnerability in Honeywell industrial control system software used to manage everything from HVAC and building access systems, to energy and facilities management processes. The vulnerability was reported by Rapid7 researcher Juan Vazquez ...

CVE-2013-0108

An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator EBI R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager aka CPO-M Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code vi...

Honeywell HMIWeb Browser ActiveX Control RequestDSPLoad Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell HMIWeb. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ActiveX...

CVE-2012-0254

Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions HPS Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions HBS Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls ECC Symmetr...

Stack overflow

Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions HPS Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions HBS Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls ECC Symmetr...

CVE-2012-0254

CVE-2012-0254 denotes a stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control, affecting Honeywell HPS Experion (R2xx, R30x, R31x, R400.x); HBS Enterprise Building Manager (R400, R410.1); and ECC SymmetrE (R410.1). The vulnerability can allow remote attackers to execut...

CVE-2012-0254

Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions HPS Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions HBS Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls ECC Symmetr...