1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Yokogawa
- Equipment: GX10, GX20, GP10, GP20, GM Data Acquisition System, DX1000, DX2000, DX1000N, FX1000, μR10000, μR20000, MW100, DX1000T, DX2000T, CX1000, CX2000
- Vulnerability: Missing Authentication for Critical Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to manipulate information on the affected products.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Yokogawa recorder products are affected:
- GX10 / GX20 / GP10 / GP20 Paperless Recorders: Versions R5.04.01 and earlier
- GM Data Acquisition System: Versions R5.05.01 and earlier
- DX1000 / DX2000 / DX1000N Paperless Recorders: Versions R4.21 and earlier
- FX1000 Paperless Recorders: Versions R1.31 and earlier
- μR10000 / μR20000 Chart Recorders: Versions R1.51 and earlier
- MW100 Data Acquisition Units: All versions
- DX1000T / DX2000T Paperless Recorders: All versions
- CX1000 / CX2000 Paperless Recorders: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
Authentication is disabled by default on the affected products. When connected to a network with default settings, this could allow anyone to access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.
CVE-2025-1863 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: