Insecure Default Settings in Yokogawa Electric Products
CVE-2025-1863

9.8CRITICAL

Key Information:

Vendor
Yokogawa Electric Corporation
Status
Gx10 / Gx20 / Gp10 / Gp20 Paperless Recorders
Gm Data Acquisition System
Dx1000 / Dx2000 / Dx1000n Paperless Recorders
Fx1000 Paperless Recorders
Vendor
CVE Published:
18 April 2025

Summary

Yokogawa Electric Corporation's recorder products are impacted by insecure default settings that leave authentication functions disabled. This flaw allows unauthorized users to access and manipulate critical operational settings and data whenever the products are connected to a network with the default configuration. Users may unknowingly expose themselves to potential data tampering and misconfiguration, thereby compromising the integrity of the collected information. Effective security practices necessitate immediate attention to configuring device authentication settings appropriately to mitigate these risks.

Affected Version(s)

CX1000 / CX2000 Paperless Recorders All versions

DX1000 / DX2000 / DX1000N Paperless Recorders R4.21 or earlier

DX1000T / DX2000T Paperless Recorders All versions

References

https://web-material3.yokogawa.com/1/36974/files/YSAR-25-...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-1863 : Insecure Default Settings in Yokogawa Electric Products | SecurityVulnerability.io