CVE-2025-1863

{"id": "CVE-2025-1863", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "7168b535-132a-4efe-a076-338f829b2eb9", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-04-18T06:15:42.357", "references": [{"url": "https://web-material3.yokogawa.com/1/36974/files/YSAR-25-0001-E.pdf", "source": "7168b535-132a-4efe-a076-338f829b2eb9"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "7168b535-132a-4efe-a076-338f829b2eb9", "description": [{"lang": "en", "value": "CWE-1188"}]}], "descriptions": [{"lang": "en", "value": "Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.\nThis issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; \u03bcR10000 / \u03bcR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions."}, {"lang": "es", "value": "Se han detectado configuraciones predeterminadas inseguras en los registradores de Yokogawa Electric Corporation. La funci\u00f3n de autenticaci\u00f3n est\u00e1 deshabilitada por defecto en los productos afectados. Por lo tanto, al conectarse a una red con la configuraci\u00f3n predeterminada, cualquier persona puede acceder a todas las funciones relacionadas con la configuraci\u00f3n y las operaciones. Como resultado, un atacante puede manipular y configurar ilegalmente datos importantes, como valores medidos y configuraciones. Este problema afecta a los registradores sin papel GX10/GX20/GP10/GP20: R5.04.01 o anteriores; Sistema de adquisici\u00f3n de datos GM: R5.05.01 o anteriores; Registradores sin papel DX1000/DX2000/DX1000N: R4.21 o anteriores; Registradores sin papel FX1000: R1.31 o anteriores; Registradores de gr\u00e1ficos ?R10000/?R20000: R1.51 o anteriores; Unidades de adquisici\u00f3n de datos MW100: Todas las versiones. Registradores sin papel DX1000T / DX2000T: todas las versiones; Registradores sin papel CX1000 / CX2000: todas las versiones."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "7168b535-132a-4efe-a076-338f829b2eb9"}