CVE-2025-1863

CRITICAL

Yokogawa Electric Corporation - Info Disclosure

Title source: llm
STIX 2.1

Description

Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings. This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.

References (1)

Scores

CVSS v3 9.8
EPSS 0.0027
EPSS Percentile 50.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-1188
Status published
Products (8)
Yokogawa Electric Corporation/CX1000 / CX2000 Paperless Recorders All versions
Yokogawa Electric Corporation/DX1000 / DX2000 / DX1000N Paperless Recorders R4.21 or earlier
Yokogawa Electric Corporation/DX1000T / DX2000T Paperless Recorders All versions
Yokogawa Electric Corporation/FX1000 Paperless Recorders R1.31 or earlier
Yokogawa Electric Corporation/GM Data Acquisition System R5.05.01 or earlier
Yokogawa Electric Corporation/GX10 / GX20 / GP10 / GP20 Paperless Recorders R5.04.01 or earlier
Yokogawa Electric Corporation/MW100 Data Acquisition Units All versions
Yokogawa Electric Corporation/μR10000 / μR20000 Chart Recorders R1.51 or earlier
Published Apr 18, 2025
Tracked Since Feb 18, 2026