[Japanese]

JVNDB-2025-014793

NIHON KOHDEN Central Monitor CNS-6201 vulnerable to NULL pointer dereference

Overview

Central Monitor CNS-6201 provided by NIHON KOHDEN CORPORATION contains the following vulnerability.
  • NULL pointer dereference (CWE-476) - CVE-2025-59668

Jared P. Quinn of QuinnTech.ai discovered and reported the vulnerability to the developer and CISA. Cooperating with CISA, JPCERT/CC coordinated between the reporter and the developer.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.5 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High
Affected Products


NIHON KOHDEN CORPORATION
  • Central Monitor CNS-6201 versions 01-03, 01-04, 01-05, 01-06, 02-10, 02-11, and 02-40

The affected product is no longer supported. For more information, refer to the information provided by the developer.
Impact

When processing a crafted certain UDP packet, the affected device may abnormally terminate.
Solution

[Stop using End-of-Support products]
The product versions affected by the vulnerability are no longer supported. Stop using the vulnerable products and consider switching to alternatives.
For more information, refer to the information provided by the developer.
Vendor Information

NIHON KOHDEN CORPORATION
CWE (What is CWE?)

  1. NULL Pointer Dereference(CWE-476) [Other]
CVE (What is CVE?)

  1. CVE-2025-59668
References

  1. JVN : JVNVU#96989989
  2. ICS-CERT ADVISORY : ICSMA-25-296-01
Revision History

  • [2025/10/01]
      Web page was published
  • [2025/10/06]
      Vendor Information : Content was modified
  • [2025/10/27]
      References : Content was added

Date Public2025/09/30
Date First Published2025/10/01
Date Last Updated2025/10/27