A high-severity vulnerability has been discovered in a range of industrial recorder and data acquisition systems produced by Yokogawa Electric Corporation, a Japan-based automation and measurement equipment manufacturer. This flaw has been identified as CVE-2025-1863 and is categorized under CWE-306: Missing Authentication for Critical Function.
The issue carries a CVSS v4 base score of 9.3 and a CVSS v3.1 score of 9.8, highlighting the extreme risk it poses to affected systems.
Overview of Yokogawa Vulnerability
The vulnerability is linked to insecure default settings in Yokogawa’s recorder products. Specifically, authentication is disabled by default on several of these devices. This means that when the devices are connected to a network without any configuration changes, anyone with network access can gain full access to critical functions—including system settings and operational controls.
Such unrestricted access allows an attacker to manipulate measured values, alter system settings, and potentially compromise the integrity of critical operations in sectors like manufacturing, energy, and agriculture.
Affected Yokogawa Products
The vulnerability affects a wide range of Yokogawa’s paperless recorders and data acquisition units. The following models and versions are impacted:
- GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 and earlier
- GM Data Acquisition System: R5.05.01 and earlier
- DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 and earlier
- FX1000 Paperless Recorders: R1.31 and earlier
- μR10000 / μR20000 Chart Recorders: R1.51 and earlier
- MW100 Data Acquisition Units: All versions
- DX1000T / DX2000T Paperless Recorders: All versions
- CX1000 / CX2000 Paperless Recorders: All versions
These devices are commonly used in critical infrastructure environments worldwide, including industrial manufacturing facilities, energy plants, and food processing units.
Vulnerability Impact
According to the technical evaluation, the Yokogawa vulnerability can be exploited remotely and with low attack complexity. No authentication or user interaction is needed, making it an attractive target for cyber attackers. The ability to manipulate sensitive data and operational settings without proper access control could result in:
- Incorrect measurements and faulty process outcomes
- Data integrity compromise
- Downtime in production lines
- Safety hazards in automated environments
The threat becomes even more critical due to the default-disabled authentication, which implies that unless a user has manually enabled access controls, their systems are likely exposed.
Technical Analysis
The Yokogawa vulnerability stems from the absence of an enforced authentication mechanism in the default configuration of affected devices. In systems where authentication is not manually activated, any user on the network can access all critical device functions, including:
- Configuration of sensors and thresholds
- Adjustment of logging parameters
- Export and modification of stored data
The CVSS v4 vector string for this vulnerability is:
CVSS4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
This reflects:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Confidentiality, Integrity, and Availability Impact: High
The vulnerability was discovered and disclosed by Souvik Kandar from MicroSec (microsec.io) and was coordinated with the Cybersecurity and Infrastructure Security Agency (CISA).
Yokogawa’s Mitigation Measures
Yokogawa has issued guidance for all users of the affected products. Key recommendations include:
- Enable Authentication: Immediately activate the login function (authentication feature) on all affected devices if they are connected to a network.
- Change Default Passwords: After enabling authentication, update the default credentials to strong, unique passwords to prevent unauthorized access.
- Implement a Comprehensive Security Program: Yokogawa strongly recommends a complete security strategy that includes:
- Patch management and regular firmware updates
- Anti-virus deployment
- Data backup and recovery plans
- Network zoning and segmentation
- System hardening
- Application and device whitelisting
- Proper firewall configuration
The company also offers security risk assessments to help customers evaluate and improve their current security posture.
Impacted Industries and Global Reach
Given the widespread use of Yokogawa recorders in automation and critical systems, this Yokogawa vulnerability has implications across several sectors:
- Critical Manufacturing: Automated production environments rely heavily on precise data logging and process control. Manipulation of recorder settings could lead to costly downtime or product defects.
- Energy: In power plants and substations, these devices often monitor critical parameters. A security breach could result in operational disruption or even physical damage.
- Food and Agriculture: Accurate recording of environmental data is essential for food safety and quality. An attacker could alter data to mask spoilage or unsafe conditions.
The default disabled authentication presents a critical security gap that can be easily closed with proper configuration. However, the responsibility lies with users and system integrators to follow through with security best practices.
Conclusion
Industrial operators must not assume out-of-the-box configurations are secure, especially when deploying devices in critical environments.
As threat actors increasingly target operational technology (OT) systems, proactive device hardening and security governance become non-negotiable. Addressing this vulnerability promptly will not only secure your systems but also ensure continuity, safety, and reliability in critical operations.
Source: Read More
