cbcvebase.
CVE-2025-1863
published 2025-04-18

CVE-2025-1863: Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is…

PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.65%
46.4th percentile
Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings. This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.

Affected

8 ranges
VendorProductVersion rangeFixed in
yokogawa_electric_corporationcx1000_cx2000_paperless_recorders
yokogawa_electric_corporationdx1000_dx2000_dx1000n_paperless_recorders
yokogawa_electric_corporationdx1000t_dx2000t_paperless_recorders
yokogawa_electric_corporationfx1000_paperless_recorders
yokogawa_electric_corporationgm_data_acquisition_system
yokogawa_electric_corporationgx10_gx20_gp10_gp20_paperless_recorders
yokogawa_electric_corporationmw100_data_acquisition_units
yokogawa_electric_corporationr10000_r20000_chart_recorders

Detection & IOCsextracted from sources · hover to see the quote

  • Authentication is disabled by default on affected Yokogawa recorder products; any unauthenticated network request to device settings/operations endpoints should be treated as suspicious and investigated
  • Detect unauthenticated access attempts to Yokogawa recorder HTTP/management interfaces on the network; absence of authentication headers/credentials in sessions targeting these devices is a key indicator
  • Monitor for unauthorized changes to measured values or configuration settings on Yokogawa GX10, GX20, GP10, GP20, GM, DX1000, DX2000, DX1000N, FX1000, μR10000, μR20000, MW100, DX1000T, DX2000T, CX1000, CX2000 devices — such changes without a corresponding authenticated session indicate exploitation
  • ·Authentication is OFF by default on all affected product lines; devices must be manually configured to enable the login function before network connection
  • ·MW100 Data Acquisition Units, DX1000T/DX2000T Paperless Recorders, and CX1000/CX2000 Paperless Recorders have no patched firmware version available — all versions are affected and mitigation relies solely on enabling authentication and network isolation
  • ·Default passwords must be changed after enabling authentication; leaving the default password set after enabling the login function does not adequately mitigate the risk

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.