OTPulse
FeedAboutContact

Yokogawa Recorder Products

Plan Patch9.8ICS-CERT ICSA-25-107-04Apr 17, 2025
Summary

Yokogawa Recorder and data acquisition products are vulnerable to unauthorized information manipulation due to missing authentication controls on affected devices. The vulnerability affects GX10/GX20/GP10/GP20 Paperless Recorders (≤R5.04.01), GM Data Acquisition System (≤R5.05.01), DX1000/DX2000/DX1000N Paperless Recorders (≤R4.21), FX1000 Paperless Recorders (≤R1.31), μR10000/μR20000 Chart Recorders (≤R1.51), and all versions of MW100 Data Acquisition Units, DX1000T/DX2000T, and CX1000/CX2000 Paperless Recorders. An attacker with network access to an unauthenticated device could manipulate recorded data and process information. Yokogawa has not released firmware patches to address this vulnerability.

What this means
What could happen
An attacker could manipulate recorded data and process information on Yokogawa recorders and data acquisition systems, potentially hiding process anomalies or falsifying operational records. This could compromise audit trails, regulatory compliance documentation, and the ability to detect equipment failures or safety deviations.
Who's at risk
Energy and manufacturing facilities relying on Yokogawa paperless recorders (GX/GP/DX/FX/CX series), chart recorders (μR series), and data acquisition systems (GM, MW100) for process monitoring, data logging, and regulatory compliance documentation. This includes power plants, refineries, chemical plants, and water treatment facilities that use these devices for critical process records.
How it could be exploited
An attacker with network access to an affected Yokogawa recorder would connect directly to the device and send requests to manipulate information without authentication, since the devices ship with authentication disabled by default. The attacker does not need valid credentials if authentication has not been enabled.
Prerequisites
  • Network access to the affected Yokogawa device on the plant network or remote access if connected to internet
  • Authentication function must be disabled (default state)
  • No password protection configured on the device
remotely exploitableno authentication requiredno patch availabledefault credentials/configurationaffects data integrity and audit trails
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (8)
8 EOL
ProductAffected VersionsFix Status
GX10 / GX20 / GP10 / GP20 Paperless Recorders: vers:all/<=R5.04.01≤ R5.04.01No fix (EOL)
GM Data Acquisition System: vers:all/<=R5.05.01≤ R5.05.01No fix (EOL)
FX1000 Paperless Recorders: vers:all/<=R1.31≤ R1.31No fix (EOL)
μR10000 / μR20000 Chart Recorders: vers:all/<=R1.51≤ R1.51No fix (EOL)
MW100 Data Acquisition Units: vers:all/*All versionsNo fix (EOL)
DX1000T / DX2000T Paperless Recorders: vers:all/*All versionsNo fix (EOL)
CX1000 / CX2000 Paperless Recorders: vers:all/*All versionsNo fix (EOL)
DX1000 / DX2000 / DX1000N Paperless Recorders: vers:all/<=R4.21≤ R4.21No fix (EOL)
Remediation & Mitigation
0/6
Do now
0/2
HARDENINGEnable the authentication function (login function) on all affected Yokogawa recorders and data acquisition systems
HARDENINGChange default passwords to strong, unique credentials on all affected devices after enabling authentication
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

HARDENINGImplement network segmentation to isolate Yokogawa recorders from business networks and internet access
HARDENINGDeploy firewall rules to restrict access to affected devices to only authorized engineering workstations and monitoring systems
HARDENINGIf remote access is required, use VPN with current patches and strict access controls rather than direct internet exposure
Mitigations - no patch available
0/1
The following products have reached End of Life with no planned fix: GX10 / GX20 / GP10 / GP20 Paperless Recorders: vers:all/<=R5.04.01, GM Data Acquisition System: vers:all/<=R5.05.01, FX1000 Paperless Recorders: vers:all/<=R1.31, μR10000 / μR20000 Chart Recorders: vers:all/<=R1.51, MW100 Data Acquisition Units: vers:all/*, DX1000T / DX2000T Paperless Recorders: vers:all/*, CX1000 / CX2000 Paperless Recorders: vers:all/*, DX1000 / DX2000 / DX1000N Paperless Recorders: vers:all/<=R4.21. Apply the following compensating controls:
HARDENINGConduct security risk assessment with Yokogawa to evaluate device exposure and implement defense-in-depth strategy
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/15f235b7-963b-4a62-9ac0-0b61cde55ad6
Yokogawa Recorder Products | CVSS 9.8 - OTPulse