Vulnerabilites related to Inaba Denki Sangyo Co., Ltd. - CHOCO TEI WATCHER mini (IB-MCT001)
cve-2025-25211
Vulnerability from cvelistv5
Published
2025-03-31 04:49
Modified
2025-03-31 16:01
Severity ?
EPSS score ?
Summary
Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Version: all versions |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-25211", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-31T16:00:36.292801Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-31T16:01:20.073Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "CHOCO TEI WATCHER mini (IB-MCT001)", vendor: "Inaba Denki Sangyo Co., Ltd.", versions: [ { status: "affected", version: "all versions", }, ], }, ], descriptions: [ { lang: "en", value: "Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-521", description: "Weak password requirements", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-31T04:49:19.439Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf", }, { url: "https://jvn.jp/en/vu/JVNVU91154745/", }, { url: "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04", }, { url: "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2025-25211", datePublished: "2025-03-31T04:49:19.439Z", dateReserved: "2025-02-13T01:13:11.820Z", dateUpdated: "2025-03-31T16:01:20.073Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24852
Vulnerability from cvelistv5
Published
2025-03-31 04:49
Modified
2025-03-31 16:02
Severity ?
EPSS score ?
Summary
Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Version: all versions |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24852", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-31T16:01:40.322037Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-31T16:02:38.648Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "CHOCO TEI WATCHER mini (IB-MCT001)", vendor: "Inaba Denki Sangyo Co., Ltd.", versions: [ { status: "affected", version: "all versions", }, ], }, ], descriptions: [ { lang: "en", value: "Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-257", description: "Storing passwords in a recoverable format", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-31T04:49:07.988Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf", }, { url: "https://jvn.jp/en/vu/JVNVU91154745/", }, { url: "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04", }, { url: "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2025-24852", datePublished: "2025-03-31T04:49:07.988Z", dateReserved: "2025-02-13T01:13:13.769Z", dateUpdated: "2025-03-31T16:02:38.648Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24517
Vulnerability from cvelistv5
Published
2025-03-31 04:48
Modified
2025-03-31 12:59
Severity ?
EPSS score ?
Summary
Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Version: all versions |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24517", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-31T12:59:27.616832Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-31T12:59:34.323Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "CHOCO TEI WATCHER mini (IB-MCT001)", vendor: "Inaba Denki Sangyo Co., Ltd.", versions: [ { status: "affected", version: "all versions", }, ], }, ], descriptions: [ { lang: "en", value: "Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-603", description: "Use of client-side authentication", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-31T04:48:57.473Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf", }, { url: "https://jvn.jp/en/vu/JVNVU91154745/", }, { url: "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04", }, { url: "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2025-24517", datePublished: "2025-03-31T04:48:57.473Z", dateReserved: "2025-02-13T01:13:12.880Z", dateUpdated: "2025-03-31T12:59:34.323Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-26689
Vulnerability from cvelistv5
Published
2025-03-31 04:49
Modified
2025-03-31 15:58
Severity ?
EPSS score ?
Summary
Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Version: all versions |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-26689", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-31T15:58:43.306787Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-31T15:58:55.013Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "CHOCO TEI WATCHER mini (IB-MCT001)", vendor: "Inaba Denki Sangyo Co., Ltd.", versions: [ { status: "affected", version: "all versions", }, ], }, ], descriptions: [ { lang: "en", value: "Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered.", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-425", description: "Direct request ('Forced Browsing')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-31T04:49:30.059Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf", }, { url: "https://jvn.jp/en/vu/JVNVU91154745/", }, { url: "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04", }, { url: "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2025-26689", datePublished: "2025-03-31T04:49:30.059Z", dateReserved: "2025-02-13T01:13:10.937Z", dateUpdated: "2025-03-31T15:58:55.013Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
jvndb-2025-002592
Vulnerability from jvndb
Published
2025-03-26 13:25
Modified
2025-03-26 13:25
Severity ?
Summary
Multiple vulnerabilities in CHOCO TEI WATCHER mini
Details
CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below.
* Use of client-side authentication (CWE-603) - CVE-2025-24517
* Storing passwords in a recoverable format (CWE-257) - CVE-2025-24852
* Weak password requirements (CWE-521) - CVE-2025-25211
* Forced browsing (CWE-425) - CVE-2025-26689
Andrea Palanca of Nozomi Networks reported these vulnerabilities to the developer and CISA ICS.
JPCERT/CC coordinated with the reporter, CISA ICS, and the developer.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU91154745/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2025-24517 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2025-24852 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2025-25211 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2025-26689 | |
| ICS-CERT ADVISORY | https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04 | |
| Related document | https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording | |
| Storing Passwords in a Recoverable Format(CWE-257) | https://cwe.mitre.org/data/definitions/257.html | |
| Direct Request ('Forced Browsing')(CWE-425) | https://cwe.mitre.org/data/definitions/425.html | |
| Weak Password Requirements(CWE-521) | https://cwe.mitre.org/data/definitions/521.html | |
| Use of Client-Side Authentication(CWE-603) | https://cwe.mitre.org/data/definitions/603.html |
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002592.html", "dc:date": "2025-03-26T13:25+09:00", "dcterms:issued": "2025-03-26T13:25+09:00", "dcterms:modified": "2025-03-26T13:25+09:00", description: "CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below.\r\n\r\n* Use of client-side authentication (CWE-603) - CVE-2025-24517\r\n* Storing passwords in a recoverable format (CWE-257) - CVE-2025-24852\r\n* Weak password requirements (CWE-521) - CVE-2025-25211\r\n* Forced browsing (CWE-425) - CVE-2025-26689\r\n\r\nAndrea Palanca of Nozomi Networks reported these vulnerabilities to the developer and CISA ICS.\r\nJPCERT/CC coordinated with the reporter, CISA ICS, and the developer.", link: "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002592.html", "sec:cpe": { "#text": "cpe:/o:inaba:choco_tei_watcher_mini", "@product": "CHOCO TEI WATCHER mini (IB-MCT001)", "@vendor": "INABA DENKI SANGYO CO., LTD.", "@version": "2.2", }, "sec:cvss": { "@score": "9.8", "@severity": "Critical", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0", }, "sec:identifier": "JVNDB-2025-002592", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU91154745/index.html", "@id": "JVNVU#91154745", "@source": "JVN", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2025-24517", "@id": "CVE-2025-24517", "@source": "CVE", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2025-24852", "@id": "CVE-2025-24852", "@source": "CVE", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2025-25211", "@id": "CVE-2025-25211", "@source": "CVE", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2025-26689", "@id": "CVE-2025-26689", "@source": "CVE", }, { "#text": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04", "@id": "ICSA-25-084-04", "@source": "ICS-CERT ADVISORY", }, { "#text": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording", "@id": "Unpatched Vulnerabilities in Production Line Cameras May Allow Remote Surveillance, Hinder Stoppage Recording", "@source": "Related document", }, { "#text": "https://cwe.mitre.org/data/definitions/257.html", "@id": "CWE-257", "@title": "Storing Passwords in a Recoverable Format(CWE-257)", }, { "#text": "https://cwe.mitre.org/data/definitions/425.html", "@id": "CWE-425", "@title": "Direct Request ('Forced Browsing')(CWE-425)", }, { "#text": "https://cwe.mitre.org/data/definitions/521.html", "@id": "CWE-521", "@title": "Weak Password Requirements(CWE-521)", }, { "#text": "https://cwe.mitre.org/data/definitions/603.html", "@id": "CWE-603", "@title": "Use of Client-Side Authentication(CWE-603)", }, ], title: "Multiple vulnerabilities in CHOCO TEI WATCHER mini", }