Skip to main content

Fast Tools CVE-2014-7251

LOW
Improper Input Validation (CWE-20)
2014-12-06 vultures@jpcert.or.jp
3.2
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
3.2 LOW
AV:L/AC:L/Au:S/C:P/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:S/C:P/I:N/A:P
Attack Vector
Local
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Dec 06, 2014 - 15:59 cve.org
LOW 3.2

DescriptionCVE.org

XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors.

AnalysisAI

XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors. Affected products include: Yokogawa Fast\/Tools.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-66603 CRITICAL
9.8 Feb 09

Yokogawa FAST/TOOLS has a second web server vulnerability involving improper cryptographic handling that weakens the sec

CVE-2025-66602 CRITICAL
9.8 Feb 09

Yokogawa FAST/TOOLS SCADA has a vulnerability in its web server component enabling unauthorized access to the industrial

CVE-2025-66606 CRITICAL
9.6 Feb 09

Yokogawa FAST/TOOLS has a third vulnerability involving improper encoding of output that could enable injection attacks

CVE-2026-11833 HIGH
8.2 Jun 23

Information disclosure in Yokogawa FAST/TOOLS (R9.01-R10.04) and CI Server (R1.01-R1.04) allows unmodified network attac

CVE-2025-66608 HIGH
7.5 Feb 09

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly v

CVE-2025-66597 HIGH
7.5 Feb 09

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak crypt

CVE-2025-66598 HIGH
7.5 Feb 09

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TL

CVE-2025-66601 MEDIUM
6.1 Feb 09

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MI

CVE-2025-66595 MEDIUM
5.4 Feb 09

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cr

CVE-2025-66605 MEDIUM
5.3 Feb 09

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on

CVE-2025-66594 MEDIUM
5.3 Feb 09

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed

CVE-2025-66607 MEDIUM
5.3 Feb 09

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an

Share

CVE-2014-7251 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy