Yokogawa Electric Corporation Recorder Products Insecure Default Authentication Vulnerability

A vulnerability exists in various recorder products from Yokogawa Electric Corporation due to insecure default settings. The authentication function is disabled by default, allowing anyone to access all functions related to settings and operations when the device is connected to a network with default settings. This could enable an attacker to manipulate and configure important data, such as measured values and settings. Affected products include GX10, GX20, GP10, GP20 Paperless Recorders (through R5.04.01), GM Data Acquisition System (through R5.05.01), DX1000, DX2000, DX1000N Paperless Recorders (through R4.21), FX1000 Paperless Recorders (through R1.31), μR10000, μR20000 Chart Recorders (through R1.51), MW100 Data Acquisition Units (all versions), DX1000T, DX2000T Paperless Recorders (all versions), and CX1000, CX2000 Paperless Recorders (all versions).

Impact

Exploitation of this vulnerability allows unauthorized access to all functions related to settings and operations, enabling manipulation and configuration of important data such as measured values and settings.