CVE-2025-1863

Summary

Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings. This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.

Affected Software

VendorProductVersion RangeStatus
Yokogawa Electric CorporationGX10 / GX20 / GP10 / GP20 Paperless RecordersR5.04.01 or earlieraffected
Yokogawa Electric CorporationGM Data Acquisition SystemR5.05.01 or earlieraffected
Yokogawa Electric CorporationDX1000 / DX2000 / DX1000N Paperless RecordersR4.21 or earlieraffected
Yokogawa Electric CorporationFX1000 Paperless RecordersR1.31 or earlieraffected
Yokogawa Electric CorporationμR10000 / μR20000 Chart RecordersR1.51 or earlieraffected
Yokogawa Electric CorporationMW100 Data Acquisition UnitsAll versionsaffected
Yokogawa Electric CorporationDX1000T / DX2000T Paperless RecordersAll versionsaffected
Yokogawa Electric CorporationCX1000 / CX2000 Paperless RecordersAll versionsaffected

Weaknesses

  • CWE-1188: CWE-1188 Insecure Default Initialization of Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References