Insecure Default Settings in Yokogawa Electric Products
CVE-2025-1863

9.8CRITICAL

Key Information:

Vendor: Yokogawa Electric Corporation
Status: Gx10 / Gx20 / Gp10 / Gp20 Paperless Recorders; Gm Data Acquisition System; Dx1000 / Dx2000 / Dx1000n Paperless Recorders; Fx1000 Paperless Recorders
Vendor: CVE Published:; 18 April 2025

🔔 Create Yokogawa Electric Corporation Vulnerability Alert

What is CVE-2025-1863?

Yokogawa Electric Corporation's recorder products are impacted by insecure default settings that leave authentication functions disabled. This flaw allows unauthorized users to access and manipulate critical operational settings and data whenever the products are connected to a network with the default configuration. Users may unknowingly expose themselves to potential data tampering and misconfiguration, thereby compromising the integrity of the collected information. Effective security practices necessitate immediate attention to configuring device authentication settings appropriately to mitigate these risks.

Affected Version(s)

CX1000 / CX2000 Paperless Recorders All versions

DX1000 / DX2000 / DX1000N Paperless Recorders R4.21 or earlier

DX1000T / DX2000T Paperless Recorders All versions

References

https://web-material3.yokogawa.com/1/36974/files/YSAR-25-...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2025
Vulnerability Reserved
Mar 3, 2025