CVE-2025-1863

Name of the Vulnerable Software and Affected Versions Yokogawa Electric Corporation GX10 / GX20 / GP10 / GP20 Paperless Recorders versions R5.04.01 or earlier Yokogawa Electric Corporation GM Data Acquisition System versions R5.05.01 or earlier Yokogawa Electric Corporation DX1000 / DX2000 / DX1000N Paperless Recorders versions R4.21 or earlier Yokogawa Electric Corporation FX1000 Paperless Recorders versions R1.31 or earlier Yokogawa Electric Corporation μR10000 / μR20000 Chart Recorders versions R1.51 or earlier Yokogawa Electric Corporation MW100 Data Acquisition Units versions (all versions) Yokogawa Electric Corporation DX1000T / DX2000T Paperless Recorders versions (all versions) Yokogawa Electric Corporation CX1000 / CX2000 Paperless Recorders versions (all versions)

Description Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.

Recommendations For GX10 / GX20 / GP10 / GP20 Paperless Recorders versions R5.04.01 or earlier, update the authentication function settings to enable secure access. For GM Data Acquisition System versions R5.05.01 or earlier, change the default settings to secure the authentication function. For DX1000 / DX2000 / DX1000N Paperless Recorders versions R4.21 or earlier, modify the default configuration to enable authentication. For FX1000 Paperless Recorders versions R1.31 or earlier, adjust the settings to secure the authentication function. For μR10000 / μR20000 Chart Recorders versions R1.51 or earlier, update the configuration to enable secure access. For MW100 Data Acquisition Units, DX1000T / DX2000T Paperless Recorders, and CX1000 / CX2000 Paperless Recorders, since all versions are affected, consider disabling the devices from the network until a secure configuration or update is available. As a temporary workaround, consider restricting access to the affected devices until the issue is resolved.