Search

Find a vulnerability

Search criteria

    9 vulnerabilities found for HMI ViewJet C-more series by JTEKT ELECTRONICS CORPORATION

    CVE-2025-26401 (GCVE-0-2025-26401)

    Vulnerability from nvd – Published: 2025-04-04 02:10 – Updated: 2025-04-04 14:20
    VLAI
    Summary
    Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-261 - Weak encoding for password
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:20:14.818790Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:20:28.042Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-261",
                  "description": "Weak encoding for password",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:10:17.818Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-26401",
        "datePublished": "2025-04-04T02:10:17.818Z",
        "dateReserved": "2025-03-18T01:13:11.370Z",
        "dateUpdated": "2025-04-04T14:20:28.042Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25061 (GCVE-0-2025-25061)

    Vulnerability from nvd – Published: 2025-04-04 02:10 – Updated: 2025-04-04 14:21
    VLAI
    Summary
    Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-441 - Unintended proxy or intermediary ('Confused Deputy')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25061",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:20:50.585279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:21:05.467Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "HMI GC-A2 series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unintended proxy or intermediary (\u0027Confused Deputy\u0027) issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-441",
                  "description": "Unintended proxy or intermediary (\u0027Confused Deputy\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:10:08.271Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25061",
        "datePublished": "2025-04-04T02:10:08.271Z",
        "dateReserved": "2025-03-18T01:13:13.360Z",
        "dateUpdated": "2025-04-04T14:21:05.467Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24317 (GCVE-0-2025-24317)

    Vulnerability from nvd – Published: 2025-04-04 02:09 – Updated: 2025-04-04 14:21
    VLAI
    Summary
    Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of resources without limits or throttling
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:21:19.158696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:21:28.397Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "HMI GC-A2 series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of resources without limits or throttling",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:09:58.316Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-24317",
        "datePublished": "2025-04-04T02:09:58.316Z",
        "dateReserved": "2025-03-18T01:13:12.236Z",
        "dateUpdated": "2025-04-04T14:21:28.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24310 (GCVE-0-2025-24310)

    Vulnerability from nvd – Published: 2025-04-04 02:09 – Updated: 2025-04-04 14:21
    VLAI
    Summary
    Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product's web pages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1021 - Improper restriction of rendered UI layers or frames
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:21:43.727821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:21:59.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product\u0027s web pages."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "Improper restriction of rendered UI layers or frames",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:09:41.821Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-24310",
        "datePublished": "2025-04-04T02:09:41.821Z",
        "dateReserved": "2025-03-18T01:13:14.313Z",
        "dateUpdated": "2025-04-04T14:21:59.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-26401 (GCVE-0-2025-26401)

    Vulnerability from cvelistv5 – Published: 2025-04-04 02:10 – Updated: 2025-04-04 14:20
    VLAI
    Summary
    Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-261 - Weak encoding for password
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:20:14.818790Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:20:28.042Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak encoding for password vulnerability exists in HMI ViewJet C-more series. If this vulnerability is exploited, authentication information may be obtained by a local authenticated attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-261",
                  "description": "Weak encoding for password",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:10:17.818Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-26401",
        "datePublished": "2025-04-04T02:10:17.818Z",
        "dateReserved": "2025-03-18T01:13:11.370Z",
        "dateUpdated": "2025-04-04T14:20:28.042Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25061 (GCVE-0-2025-25061)

    Vulnerability from cvelistv5 – Published: 2025-04-04 02:10 – Updated: 2025-04-04 14:21
    VLAI
    Summary
    Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-441 - Unintended proxy or intermediary ('Confused Deputy')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25061",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:20:50.585279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:21:05.467Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "HMI GC-A2 series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unintended proxy or intermediary (\u0027Confused Deputy\u0027) issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermediary for FTP bounce attack."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-441",
                  "description": "Unintended proxy or intermediary (\u0027Confused Deputy\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:10:08.271Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25061",
        "datePublished": "2025-04-04T02:10:08.271Z",
        "dateReserved": "2025-03-18T01:13:13.360Z",
        "dateUpdated": "2025-04-04T14:21:05.467Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24317 (GCVE-0-2025-24317)

    Vulnerability from cvelistv5 – Published: 2025-04-04 02:09 – Updated: 2025-04-04 14:21
    VLAI
    Summary
    Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of resources without limits or throttling
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:21:19.158696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:21:28.397Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "HMI GC-A2 series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of resources without limits or throttling",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:09:58.316Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207269/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-24317",
        "datePublished": "2025-04-04T02:09:58.316Z",
        "dateReserved": "2025-03-18T01:13:12.236Z",
        "dateUpdated": "2025-04-04T14:21:28.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24310 (GCVE-0-2025-24310)

    Vulnerability from cvelistv5 – Published: 2025-04-04 02:09 – Updated: 2025-04-04 14:21
    VLAI
    Summary
    Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product's web pages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1021 - Improper restriction of rendered UI layers or frames
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:21:43.727821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:21:59.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HMI ViewJet C-more series",
              "vendor": "JTEKT ELECTRONICS CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper restriction of rendered UI layers or frames issue exists in HMI ViewJet C-more series, which may allow a remote unauthenticated attacker to trick the product user to perform operations on the product\u0027s web pages."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "Improper restriction of rendered UI layers or frames",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T02:09:41.821Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.electronics.jtekt.co.jp/en/topics/202503207271/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN17260367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-24310",
        "datePublished": "2025-04-04T02:09:41.821Z",
        "dateReserved": "2025-03-18T01:13:14.313Z",
        "dateUpdated": "2025-04-04T14:21:59.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2025-000022

    Vulnerability from jvndb - Published: 2025-04-02 15:12 - Updated:2025-04-02 15:12
    Severity
    Summary
    Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products
    Details
    HMI ViewJet C-more series and HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contain multiple vulnerabilities listed below.
    • Improper Restriction of Rendered UI Layers or Frames (CWE-1021) - CVE-2025-24310
    • Allocation of Resources Without Limits or Throttling (CWE-770) - CVE-2025-24317
    • Unintended Proxy or Intermediary ('Confused Deputy') (CWE-441) - CVE-2025-25061
    • Weak Encoding for Password (CWE-261) - CVE-2025-26401
    JTEKT ELECTRONICS CORPORATION reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and JTEKT ELECTRONICS CORPORATION coordinated under the Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000022.html",
      "dc:date": "2025-04-02T15:12+09:00",
      "dcterms:issued": "2025-04-02T15:12+09:00",
      "dcterms:modified": "2025-04-02T15:12+09:00",
      "description": "HMI ViewJet C-more series and HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\t\u003cli\u003eImproper Restriction of Rendered UI Layers or Frames (CWE-1021) - CVE-2025-24310\u003c/li\u003e\r\n\t\u003cli\u003eAllocation of Resources Without Limits or Throttling (CWE-770) - CVE-2025-24317\u003c/li\u003e\r\n\t\u003cli\u003eUnintended Proxy or Intermediary (\u0026#39;Confused Deputy\u0026#39;) (CWE-441) - CVE-2025-25061\u003c/li\u003e\r\n\t\u003cli\u003eWeak Encoding for Password (CWE-261) - CVE-2025-26401\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nJTEKT ELECTRONICS CORPORATION reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and JTEKT ELECTRONICS CORPORATION coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000022.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:jtekt:hmi_gc-a2_series",
          "@product": "HMI GC-A2 Series",
          "@vendor": "JTEKT ELECTRONICS CORPORATION",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:jtekt:hmi_viewjet_c-more_series",
          "@product": "HMI ViewJet C-more Series",
          "@vendor": "JTEKT ELECTRONICS CORPORATION",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "6.5",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000022",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN17260367/index.html",
          "@id": "JVN#17260367",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-24306",
          "@id": "CVE-2025-24310",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-24317",
          "@id": "CVE-2025-24317",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-25061",
          "@id": "CVE-2025-25061",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-26401",
          "@id": "CVE-2025-26401",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION\u0027s products"
    }