JVN#17260367
Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products

Overview

HMI ViewJet C-more series and HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contain multiple vulnerabilities.

Products Affected

CVE-2025-24310, CVE-2025-26401

• HMI ViewJet C-more series

• HMI ViewJet C-more series
• HMI GC-A2 series

Description

HMI ViewJet C-more series and HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contain multiple vulnerabilities listed below.

• Improper Restriction of Rendered UI Layers or Frames (CWE-1021)
  • CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3
  • CVE-2025-24310
• Allocation of Resources Without Limits or Throttling (CWE-770)
  • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score 5.3
  • CVE-2025-24317
• Unintended Proxy or Intermediary ('Confused Deputy') (CWE-441)
  • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N Base Score 5.8
  • CVE-2025-25061
• Weak Encoding for Password (CWE-261)
  • CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Base Score 6.5
  • CVE-2025-26401

Impact

• An unauthenticated remote attacker may trick the product user to perform operations on the product's web pages (CVE-2025-24310)
• An unauthenticated remote attacker may cause a denial-of-service (DoS) condition (CVE-2025-24317)
• An unauthenticated remote attacker may use the product as an intermediary for FTP bounce attack (CVE-2025-25061)
• Authentication information may be obtained (CVE-2025-26401)

Solution

HMI ViewJet C-more series
Apply the Workaround
The developer has ended support for the products, and recommends the users to apply the workaround.

HMI GC-A2 series
Apply the Workaround
The developer recommends the users to apply the workaround.

For more information, refer to the information provided by the developer.