[Japanese]
|
JVNDB-2025-000022
|
Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products
|
HMI ViewJet C-more series and HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contain multiple vulnerabilities listed below.
- Improper Restriction of Rendered UI Layers or Frames (CWE-1021) - CVE-2025-24310
- Allocation of Resources Without Limits or Throttling (CWE-770) - CVE-2025-24317
- Unintended Proxy or Intermediary ('Confused Deputy') (CWE-441) - CVE-2025-25061
- Weak Encoding for Password (CWE-261) - CVE-2025-26401
JTEKT ELECTRONICS CORPORATION reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and JTEKT ELECTRONICS CORPORATION coordinated under the Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 6.5 (Medium) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-26401
|
CVSS V3 Severity:
Base Metrics
5.8 (Medium) [IPA Score]
-
Attack Vector: Network
-
Attack Complexity: Low
-
Privileges Required: None
-
User Interaction: None
-
Scope: Changed
-
Confidentiality Impact: None
-
Integrity Impact: Low
-
Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-25061
|
CVSS V3 Severity:
Base Metrics
5.3 (Medium) [IPA Score]
-
Attack Vector: Network
-
Attack Complexity: Low
-
Privileges Required: None
-
User Interaction: None
-
Scope: Unchanged
-
Confidentiality Impact: None
-
Integrity Impact: None
-
Availability Impact: Low
The above CVSS base scores have been assigned for CVE-2025-24317
|
CVSS V3 Severity:
Base Metrics
4.3 (Medium) [IPA Score]
-
Attack Vector: Network
-
Attack Complexity: Low
-
Privileges Required: None
-
User Interaction: Required
-
Scope: Unchanged
-
Confidentiality Impact: None
-
Integrity Impact: Low
-
Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-24310
|
|
JTEKT ELECTRONICS CORPORATION
- HMI GC-A2 Series (CVE-2025-24317, CVE-2025-25061)
- HMI ViewJet C-more Series (CVE-2025-24310, CVE-2025-24317, CVE-2025-25061, CVE-2025-26401)
|
|
- An unauthenticated remote attacker may trick the product user to perform operations on the product's web pages (CVE-2025-24310)
- An unauthenticated remote attacker may cause a denial-of-service (DoS) condition (CVE-2025-24317)
- An unauthenticated remote attacker may use the product as an intermediary for FTP bounce attack (CVE-2025-25061)
- Authentication information may be obtained (CVE-2025-26401)
|
HMI ViewJet C-more series
[Apply the Workaround]
The developer has ended support for the products, and recommends the users to apply the workaround.
HMI GC-A2 series
[Apply the Workaround]
The developer recommends the users to apply the workaround.
For more information, refer to the information provided by the developer.
|
JTEKT ELECTRONICS CORPORATION
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
- CVE-2025-24310
- CVE-2025-24317
- CVE-2025-25061
- CVE-2025-26401
|
- JVN : JVN#17260367
|
- [2025/04/02]
Web page was published
|