A recent discovery has unveiled a critical vulnerability in industrial recorder and data acquisition systems manufactured by Yokogawa Electric Corporation, a prominent player in the automation and measurement equipment industry. This vulnerability, known as CVE-2025-1863 and classified under CWE-306: Missing Authentication for Critical Function, poses a severe threat to the affected systems with a CVSS v4 base score of 9.3 and a CVSS v3.1 score of 9.8.
The vulnerability stems from insecure default settings in Yokogawa’s recorder products, where authentication is disabled by default on several devices. This lack of authentication leaves the devices vulnerable to unauthorized access, allowing anyone with network connectivity to exploit critical functions, manipulate measured values, and compromise system integrity in various sectors such as manufacturing, energy, and agriculture.
The impacted Yokogawa products include a range of paperless recorders and data acquisition units like GX10/GX20/GP10/GP20 Paperless Recorders, GM Data Acquisition System, DX1000/DX2000/DX1000N Paperless Recorders, FX1000 Paperless Recorders, μR10000/μR20000 Chart Recorders, MW100 Data Acquisition Units, DX1000T/DX2000T Paperless Recorders, and CX1000/CX2000 Paperless Recorders. These devices are extensively used in critical infrastructure environments worldwide, including industrial manufacturing facilities, energy plants, and food processing units.
The impact of this vulnerability is significant, as it can be exploited remotely with low attack complexity and does not require any authentication or user interaction. This makes it an attractive target for cyber attackers who can manipulate sensitive data, alter operational settings, and potentially cause incorrect measurements, data integrity compromise, production downtime, and safety hazards in automated environments.
The technical analysis of the vulnerability reveals that the absence of an enforced authentication mechanism in the default configuration of affected devices allows any user on the network to access critical device functions without any restrictions. This security flaw highlights the importance of implementing proper access controls and securing these devices to prevent unauthorized access and potential exploitation.
Yokogawa has recommended mitigation measures for users of the affected products, including enabling authentication, changing default passwords to strong and unique ones, and implementing a comprehensive security program that includes patch management, anti-virus deployment, data backup and recovery plans, network zoning, system hardening, and firewall configuration.
The widespread use of Yokogawa recorders in automation and critical systems across various industries underscores the global impact of this vulnerability. Critical manufacturing, energy, and food and agriculture sectors are particularly susceptible to the potential risks posed by this security flaw, emphasizing the need for proactive device hardening and adherence to security best practices.
In conclusion, industrial operators must prioritize device security and follow recommended security measures to protect their systems from potential vulnerabilities. Addressing this Yokogawa vulnerability promptly is essential to ensure the continuity, safety, and reliability of critical operations in the face of evolving cyber threats targeting operational technology systems. With proactive measures and comprehensive security strategies in place, organizations can mitigate risks and safeguard their industrial processes against potential cyber attacks.