CVE-2025-1863
Essential information
- Published
- 18/04/2025 06:15
- Modified
- 18/04/2025 06:15
- Author
- —
- Creator
- —
- CVSS
- 9.8 CRITICAL (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- HIGH
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.
This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.
NVD status
- Status
- Received — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- 7168b535-132a-4efe-a076-338f829b2eb9
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| yokogawa / gx10 | cpe:2.3:a:yokogawa:gx10:*:*:*:*:*:*:*:* |
| yokogawa / gx20 | cpe:2.3:a:yokogawa:gx20:*:*:*:*:*:*:*:* |
| yokogawa / gp10 | cpe:2.3:a:yokogawa:gp10:*:*:*:*:*:*:*:* |
| yokogawa / gp20 | cpe:2.3:a:yokogawa:gp20:*:*:*:*:*:*:*:* |
| yokogawa / gm data acquisition system | cpe:2.3:a:yokogawa:gm_data_acquisition_system:<5.05.01:*:*:*:*:*:*:* |
| yokogawa / dx1000 | cpe:2.3:a:yokogawa:dx1000:<4.21:*:*:*:*:*:*:* |
| yokogawa / dx2000 | cpe:2.3:a:yokogawa:dx2000:<4.21:*:*:*:*:*:*:* |
| yokogawa / dx1000n | cpe:2.3:a:yokogawa:dx1000n:<4.21:*:*:*:*:*:*:* |
| yokogawa / fx1000 | cpe:2.3:a:yokogawa:fx1000:<1.31:*:*:*:*:*:*:* |
| yokogawa / ur10000 | cpe:2.3:a:yokogawa:ur10000:<1.51:*:*:*:*:*:*:* |
| yokogawa / ur20000 | cpe:2.3:a:yokogawa:ur20000:<1.51:*:*:*:*:*:*:* |
| yokogawa / mw100 | cpe:2.3:a:yokogawa:mw100:*:*:*:*:*:*:*:* |
| yokogawa / dx1000t | cpe:2.3:a:yokogawa:dx1000t:*:*:*:*:*:*:*:* |
| yokogawa / dx2000t | cpe:2.3:a:yokogawa:dx2000t:*:*:*:*:*:*:*:* |
| yokogawa / cx1000 | cpe:2.3:a:yokogawa:cx1000:*:*:*:*:*:*:*:* |
| yokogawa / cx2000 | cpe:2.3:a:yokogawa:cx2000:*:*:*:*:*:*:*:* |