Search criteria
2 vulnerabilities found for μR10000 / μR20000 Chart Recorders by Yokogawa Electric Corporation
CVE-2025-1863 (GCVE-0-2025-1863)
Vulnerability from cvelistv5 – Published: 2025-04-18 05:55 – Updated: 2025-04-18 12:00
VLAI?
Summary
Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.
This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.
Severity ?
9.8 (Critical)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | GX10 / GX20 / GP10 / GP20 Paperless Recorders |
Affected:
R5.04.01 or earlier
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T11:39:17.017969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T12:00:37.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GX10 / GX20 / GP10 / GP20 Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R5.04.01 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "GM Data Acquisition System",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R5.05.01 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DX1000 / DX2000 / DX1000N Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R4.21 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "FX1000 Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R1.31 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "\u03bcR10000 / \u03bcR20000 Chart Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R1.51 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "MW100 Data Acquisition Units",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DX1000T / DX2000T Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "CX1000 / CX2000 Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-17T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.\u003cbr\u003e\u003cp\u003eThis issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; \u03bcR10000 / \u03bcR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.\u003c/p\u003e"
}
],
"value": "Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.\nThis issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; \u03bcR10000 / \u03bcR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T05:55:26.303Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/36974/files/YSAR-25-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure default settings for recorder products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-1863",
"datePublished": "2025-04-18T05:55:26.303Z",
"dateReserved": "2025-03-03T05:46:48.396Z",
"dateUpdated": "2025-04-18T12:00:37.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1863 (GCVE-0-2025-1863)
Vulnerability from nvd – Published: 2025-04-18 05:55 – Updated: 2025-04-18 12:00
VLAI?
Summary
Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.
This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.
Severity ?
9.8 (Critical)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | GX10 / GX20 / GP10 / GP20 Paperless Recorders |
Affected:
R5.04.01 or earlier
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T11:39:17.017969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T12:00:37.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GX10 / GX20 / GP10 / GP20 Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R5.04.01 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "GM Data Acquisition System",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R5.05.01 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DX1000 / DX2000 / DX1000N Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R4.21 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "FX1000 Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R1.31 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "\u03bcR10000 / \u03bcR20000 Chart Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R1.51 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "MW100 Data Acquisition Units",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DX1000T / DX2000T Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "CX1000 / CX2000 Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-17T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.\u003cbr\u003e\u003cp\u003eThis issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; \u03bcR10000 / \u03bcR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.\u003c/p\u003e"
}
],
"value": "Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.\nThis issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; \u03bcR10000 / \u03bcR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T05:55:26.303Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/36974/files/YSAR-25-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure default settings for recorder products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-1863",
"datePublished": "2025-04-18T05:55:26.303Z",
"dateReserved": "2025-03-03T05:46:48.396Z",
"dateUpdated": "2025-04-18T12:00:37.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}