Vulnerability Information

Vulnerability Information

Credit

Inquiries Concerning Product Security

Vulnerability Disclosure Policy

Vulnerability List

2025

2024

2023

2022

Release Date Database ID Affected products Affected customers Description Reporter
Dec. 16, 2025 JVNVU#92827367 CHOCO TEI WATCHER mini (IB-MCT001) all versions Customers using affected CHOCO TEI WATCHER mini CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. (PDF, Text in Japanese.) 1. Clickjacking 2. Improper Check for Unusual or Exceptional Conditions 3. Improper Check for Unusual or Exceptional Conditions JTEKT ELECTRONICS Quality Control Dept.
CVE-2025-59479
CVE-2025-61976
CVE-2025-66357
Mar. 25, 2025 JVNVU#91154745 CHOCO TEI WATCHER mini (IB-MCT001) all versions Customers using affected CHOCO TEI WATCHER mini CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. (PDF, Text in Japanese.) 1. Use of client-side authentication 2. Storing passwords in a recoverable format 3. Weak password requirements 4. Forced browsing These vulnerabilities were discovered by: Andrea Palanca of Nozomi Networks
CVE-2025-24517
CVE-2025-24852
CVE-2025-25211
CVE-2025-26689
Mar. 24, 2025 JVN#17260367 HMI VeiwJet C-more series: EA7-S6M-S EA7-S6C-S EA7-T6C-S EA7-T8C-S EA7-T10C-S EA7-T10C-SG EA7-T12C-S EA7-T15C-S Customers using affected HMIs HMI View Jet C-more series contain multiple vulnerabilities listed below. 1. Clickjacking vulnerability in Web service 2. Denial-of-service (DoS) vulnerability 3. FTP Bounce Vulnerability 4. Weak encoding of credentials stored in project files JTEKT ELECTRONICS Quality Control Dept.
CVE-2025-24310
CVE-2025-26401
CVE-2025-24317
CVE-2025-25061
Mar. 24, 2025 JVN#83462467 HMI GC-A2 series: GC-A22W-CW GC-A24W-C(W) GC-A26W-C(W) GC-A24 GC-A24-M GC-A25 GC-A26 GC-A26-J2 GC-A27-C GC-A28-C Customers using affected HMIs HMI GC-A2 series contain multiple vulnerabilities listed below. 1. FTP Bounce Vulnerability 2. Denial-of-service (DoS) vulnerability JTEKT ELECTRONICS Quality Control Dept.
CVE-2025-24317
CVE-2025-25061
Oct. 02, 2024 JVNVU#92808077 Kostac PLC Programming Software (KPP) Former name: Koyo PLC Programming Software Kostac PLC Programming Software Version 1.6.14.0 and earlier Information disclosure and/or arbitrary code execution may occur. These vulnerabilities was discovered by: Michael Heinzl
CVE-2024-47134
CVE-2024-47135
CVE-2024-47136
Dec. 11, 2023 JVN#34145838 HMI GC-A2 series: GC-A22W-CW GC-A24W-C(W) GC-A26W-C(W) GC-A24 GC-A24-M GC-A25 GC-A26 GC-A26-J2 GC-A27-C GC-A28-C Customers using affected HMIs HMI GC-A2 series has a denial of service (DoS) vulnerability. JTEKT ELECTRONICS CORPORATION SQA Team
CVE-2023-41963
CVE-2023-49140
CVE-2023-49143
CVE-2023-49713
Oct. 17, 2023 JVNVU#98392064 OnSinView2 OnSinView2 Version 2.0.1 and earlier Information disclosure and/or arbitrary code execution may occur. These vulnerabilities was discovered by:Michael Heinzl
CVE-2023-42506
CVE-2023-42507
Sep. 12, 2023 JVNVU#95282683 Kostac PLC Programming Software(KPP) Former name:Koyo PLC Programming Software Kostac PLC Programming Software Version 1.6.11.0 and earlier Information disclosure and/or arbitrary code execution may occur. These vulnerabilities was discovered by : Michael Heinzl
CVE-2023-41374
CVE-2023-41375
Mar. 31, 2023 JVNVU#99710864 Screen Creator Advance2 (SCA2) Screen Creator Advance2 Ver.0.1.1.4 Build01A and earlier Information disclosure and/or arbitrary code execution may occur. This vulnerability was discovered by:Michael Heinzl
CVE-2023-25755
Mar. 03, 2023 JVNVU# 94966432 Kostac PLC Programming Software (KPP) Former name: Koyo PLC Programming Software Kostac PLC Programming Software Version 1.6.9.0 and earlier Information disclosure and/or arbitrary code execution may occur. These vulnerabilities was discovered by: Michael Heinzl
CVE-2023-22419
CVE-2023-22421
CVE-2023-22424
Feb. 03, 2023 JVNVU#98917488 Screen Creator Advance2(SCA2) Screen Creator Advance2 Ver.0.1.1.4 Build01 and earlier Information disclosure and/or arbitrary code execution may occur. These vulnerabilities was discovered by: Michael Heinzl
CVE-2023-22345
CVE-2023-22346
CVE-2023-22347
CVE-2023-22349
CVE-2023-22350
CVE-2023-22353
CVE-2023-22360
Nov. 18, 2022 CVE-2022-2003 PLC series: DL05 DL06 DL205 DL405 SJ SJ-ETHER SZ SU SL SR-1T PZ Customers using the affected PLC series and using the password function. A vulnerability has been discovered that could allow a remote or local third party to steal passwords when using the password function in our PLC products. This vulnerability was discovered by: Sam Hanson (DRAGOS, INC.)
CVE-2022-2004
May. 09, 2022 JVN#50337155 HMI GC-A2 series: GC-A22W-CW GC-A24W-C(W) GC-A26W-C(W) GC-A24 GC-A24-M GC-A25 GC-A26 GC-A26-J2 Product: Screen Creator Advance 2 Version: Prior to Ver.0.1.1.3 Build01 In prior to Ver.0.1.1.3 Build01, there is a vulnerability that allows you to authenticate without entering authentication information if you try remote control while satisfying multiple conditions. JTEKT ELECTRONICS CORPORATION formerly known as KOYO ELECTRONICS INDUSTRIES COMPANY LIMITED SQA Team
CVE-2022-29518
Mar. 15, 2022 ZDI-22-543 ZDI-CAN-14868 Screen Creator Advance2(SCA2) Product: Screen Creator Advance 2 Version: Ver.0.1.1.1 Build02 and earlier Remote code execution vulnerability caused stack based buffer overflow in file parsing. This vulnerability was discovered by: Tran Van Khang-khangkito (VinCSS) working with Trend Micro Zero Day Initiative.
JVN#98676431

Vulnerability Information