Vulnerability Information

Vulnerability List

2025

2024

2023

2022

Release Date	Database ID	Affected products	Affected customers	Description	Reporter
Mar. 25, 2025	JVNVU#91154745	CHOCO TEI WATCHER mini (IB-MCT001) all versions	Customers using affected CHOCO TEI WATCHER mini	CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. (PDF, Text in Japanese.) 1. Use of client-side authentication 2. Storing passwords in a recoverable format 3. Weak password requirements 4. Forced browsing	These vulnerabilities were discovered by: Andrea Palanca of Nozomi Networks
	CVE-2025-24517
	CVE-2025-24852
	CVE-2025-25211
	CVE-2025-26689
Mar. 24, 2025	JVN#17260367	HMI VeiwJet C-more series: EA7-S6M-S EA7-S6C-S EA7-T6C-S EA7-T8C-S EA7-T10C-S EA7-T10C-SG EA7-T12C-S EA7-T15C-S	Customers using affected HMIs	HMI View Jet C-more series contain multiple vulnerabilities listed below. 1. Clickjacking vulnerability in Web service 2. Denial-of-service (DoS) vulnerability 3. FTP Bounce Vulnerability 4. Weak encoding of credentials stored in project files	JTEKT ELECTRONICS Quality Control Dept.
	CVE-2025-24310
	CVE-2025-26401
	CVE-2025-24317
	CVE-2025-25061
Mar. 24, 2025	JVN#83462467	HMI GC-A2 series: GC-A22W-CW GC-A24W-C(W) GC-A26W-C(W) GC-A24 GC-A24-M GC-A25 GC-A26 GC-A26-J2 GC-A27-C GC-A28-C	Customers using affected HMIs	HMI GC-A2 series contain multiple vulnerabilities listed below. 1. FTP Bounce Vulnerability 2. Denial-of-service (DoS) vulnerability	JTEKT ELECTRONICS Quality Control Dept.
	CVE-2025-24317
	CVE-2025-25061
Oct. 02, 2024	JVNVU#92808077	Kostac PLC Programming Software (KPP) Former name: Koyo PLC Programming Software	Kostac PLC Programming Software Version 1.6.14.0 and earlier	Information disclosure and/or arbitrary code execution may occur.	These vulnerabilities was discovered by: Michael Heinzl
	CVE-2024-47134
	CVE-2024-47135
	CVE-2024-47136
Dec. 11, 2023	JVN#34145838	HMI GC-A2 series: GC-A22W-CW GC-A24W-C(W) GC-A26W-C(W) GC-A24 GC-A24-M GC-A25 GC-A26 GC-A26-J2 GC-A27-C GC-A28-C	Customers using affected HMIs	HMI GC-A2 series has a denial of service (DoS) vulnerability.	JTEKT ELECTRONICS CORPORATION SQA Team
	CVE-2023-41963
	CVE-2023-49140
	CVE-2023-49143
	CVE-2023-49713
Oct. 17, 2023	JVNVU#98392064	OnSinView2	OnSinView2 Version 2.0.1 and earlier	Information disclosure and/or arbitrary code execution may occur.	These vulnerabilities was discovered by:Michael Heinzl
	CVE-2023-42506
	CVE-2023-42507
Sep. 12, 2023	JVNVU#95282683	Kostac PLC Programming Software(KPP) Former name:Koyo PLC Programming Software	Kostac PLC Programming Software Version 1.6.11.0 and earlier	Information disclosure and/or arbitrary code execution may occur.	These vulnerabilities was discovered by : Michael Heinzl
	CVE-2023-41374
	CVE-2023-41375
Mar. 31, 2023	JVNVU#99710864	Screen Creator Advance2 (SCA2)	Screen Creator Advance2 Ver.0.1.1.4 Build01A and earlier	Information disclosure and/or arbitrary code execution may occur.	This vulnerability was discovered by:Michael Heinzl
Mar. 31, 2023	CVE-2023-25755	Screen Creator Advance2 (SCA2)	Screen Creator Advance2 Ver.0.1.1.4 Build01A and earlier		This vulnerability was discovered by:Michael Heinzl
Mar. 03, 2023	JVNVU# 94966432	Kostac PLC Programming Software (KPP) Former name: Koyo PLC Programming Software	Kostac PLC Programming Software Version 1.6.9.0 and earlier	Information disclosure and/or arbitrary code execution may occur.	These vulnerabilities was discovered by: Michael Heinzl
	CVE-2023-22419
	CVE-2023-22421
	CVE-2023-22424
Feb. 03, 2023	JVNVU#98917488	Screen Creator Advance2(SCA2)	Screen Creator Advance2 Ver.0.1.1.4 Build01 and earlier	Information disclosure and/or arbitrary code execution may occur.	These vulnerabilities was discovered by: Michael Heinzl
	CVE-2023-22345
	CVE-2023-22346
	CVE-2023-22347
	CVE-2023-22349
	CVE-2023-22350
	CVE-2023-22353
	CVE-2023-22360
Nov. 18, 2022	CVE-2022-2003	PLC series： DL05 DL06 DL205 DL405 SJ SJ-ETHER SZ SU SL SR-1T PZ	Customers using the affected PLC series and using the password function.	A vulnerability has been discovered that could allow a remote or local third party to steal passwords when using the password function in our PLC products.	This vulnerability was discovered by: Sam Hanson (DRAGOS, INC.)
Nov. 18, 2022	CVE-2022-2004
May. 09, 2022	JVN#50337155	HMI GC-A2 series： GC-A22W-CW GC-A24W-C(W) GC-A26W-C(W) GC-A24 GC-A24-M GC-A25 GC-A26 GC-A26-J2	Product: Screen Creator Advance 2 Version: Prior to Ver.0.1.1.3 Build01	In prior to Ver.0.1.1.3 Build01, there is a vulnerability that allows you to authenticate without entering authentication information if you try remote control while satisfying multiple conditions.	JTEKT ELECTRONICS CORPORATION formerly known as KOYO ELECTRONICS INDUSTRIES COMPANY LIMITED SQA Team
May. 09, 2022	CVE-2022-29518
Mar. 15, 2022	ZDI-22-543 ZDI-CAN-14868	Screen Creator Advance2(SCA2)	Product: Screen Creator Advance 2 Version: Ver.0.1.1.1 Build02 and earlier	Remote code execution vulnerability caused stack based buffer overflow in file parsing.	This vulnerability was discovered by: Tran Van Khang-khangkito (VinCSS) working with Trend Micro Zero Day Initiative.
Mar. 15, 2022	JVN#98676431	Screen Creator Advance2(SCA2)

Vulnerability Information

Mar. 24, 2025 Vulnerability Information [Update notice] HMI GC-A2 series
Mar. 24, 2025 Vulnerability Information [Update notice] HMI View Jet C-more series
Oct. 2, 2024 Vulnerability Information [Update notice] Kostac PLC Programming Software (KPP)
Dec. 11, 2023 Vulnerability Information [Update notice] HMI GC-A2 series
Oct. 17, 2023 Vulnerability Information [Update notice] OnSinView2
Sep. 12, 2023 Vulnerability Information [Update notice] Kostac PLC Programming Software (KPP)
Mar. 31, 2023 Vulnerability Information [Update notice] Screen Creator Advance 2 software of GC-A2 Series
Mar. 3, 2023 Vulnerability Information [Update notice] Kostac PLC Programming Software (KPP)
Feb. 3, 2023 Vulnerability Information [Update notice] Screen Creator Advance 2 software of GC-A2 Series
Nov. 18, 2022 Vulnerability Information Countermeasure for password function vulnerability of PLCs