CVE-2025-1863

Insecure default settings for recorder products

Assigner: YokogawaGroup
Reserved: 03.03.2025 Published: 18.04.2025 Updated: 18.04.2025

Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings. This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Yokogawa Electric Corporation
Product	GX10 / GX20 / GP10 / GP20 Paperless Recorders
Versions	Default: unknown Version R5.04.01 or earlier is affected

Vendor

Yokogawa Electric Corporation

Product

GX10 / GX20 / GP10 / GP20 Paperless Recorders

Versions

Default: unknown

Version R5.04.01 or earlier is affected

Vendor	Yokogawa Electric Corporation
Product	GM Data Acquisition System
Versions	Default: unknown Version R5.05.01 or earlier is affected

Vendor

Yokogawa Electric Corporation

Product

GM Data Acquisition System

Versions

Default: unknown

Version R5.05.01 or earlier is affected

Vendor	Yokogawa Electric Corporation
Product	DX1000 / DX2000 / DX1000N Paperless Recorders
Versions	Default: unknown Version R4.21 or earlier is affected

Vendor

Yokogawa Electric Corporation

Product

DX1000 / DX2000 / DX1000N Paperless Recorders

Versions

Default: unknown

Version R4.21 or earlier is affected

Vendor	Yokogawa Electric Corporation
Product	FX1000 Paperless Recorders
Versions	Default: unknown Version R1.31 or earlier is affected

Vendor

Yokogawa Electric Corporation

Product

FX1000 Paperless Recorders

Versions

Default: unknown

Version R1.31 or earlier is affected

Vendor	Yokogawa Electric Corporation
Product	μR10000 / μR20000 Chart Recorders
Versions	Default: unknown Version R1.51 or earlier is affected

Vendor

Yokogawa Electric Corporation

Product

μR10000 / μR20000 Chart Recorders

Versions

Default: unknown

Version R1.51 or earlier is affected

Vendor	Yokogawa Electric Corporation
Product	MW100 Data Acquisition Units
Versions	Default: unknown Version All versions is affected

Vendor

Yokogawa Electric Corporation

Product

MW100 Data Acquisition Units

Versions

Default: unknown

Version All versions is affected

Vendor	Yokogawa Electric Corporation
Product	DX1000T / DX2000T Paperless Recorders
Versions	Default: unknown Version All versions is affected

Vendor

Yokogawa Electric Corporation

Product

DX1000T / DX2000T Paperless Recorders

Versions

Default: unknown

Version All versions is affected

Vendor	Yokogawa Electric Corporation
Product	CX1000 / CX2000 Paperless Recorders
Versions	Default: unknown Version All versions is affected

Vendor

Yokogawa Electric Corporation

Product

CX1000 / CX2000 Paperless Recorders

Versions

Default: unknown

Version All versions is affected

References

Problem Types

CWE-1188 Insecure Default Initialization of Resource CWE

CVE-2025-1863 PUBLISHED

Insecure default settings for recorder products

Metrics

Product Status

References

Problem Types