Critical authentication vulnerability reported in Yokogawa Recorder Products
Take action: If you are running Yokogawa industrial recorder products, make sure you activate authentication/login function on ALL of them - especially if they are connected to a network. It doesn't matter if it's an isolated network. Someone will reach them and if you don't have authentication, you will be trivially hacked.
Learn More
A critical security vulnerability has been identified in numerous Yokogawa recorder products used in industrial environments worldwide.
The vulnerability is tracked as CVE-2025-1863 (CVSS score 9.3), is a missing authentication for critical functions and is remotely exploitable with low attack complexity. Authentication is disabled by default on the affected products, creating a security risk when these devices are connected to a network with default settings. This configuration allows unauthorized users to access all functions related to settings and operations.
An attacker exploiting this vulnerability could manipulate important data, alter device configurations and settings and potentially compromise industrial processes.
Multiple Yokogawa recorder products and versions are affected:
- GX10/GX20/GP10/GP20 Paperless Recorders: Versions R5.04.01 and earlier
- GM Data Acquisition System: Versions R5.05.01 and earlier
- DX1000/DX2000/DX1000N Paperless Recorders: Versions R4.21 and earlier
- FX1000 Paperless Recorders: Versions R1.31 and earlier
- μR10000/μR20000 Chart Recorders: Versions R1.51 and earlier
- MW100 Data Acquisition Units: All versions
- DX1000T/DX2000T Paperless Recorders: All versions
- CX1000/CX2000 Paperless Recorders: All versions
Yokogawa has provided the following countermeasures:
- Enable the authentication function (login function) when connecting affected products to the network
- Change the default password after enabling the authentication function
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.
