Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-24517

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-31 Mar, 2025 | 04:48
Updated At-31 Mar, 2025 | 12:59
Rejected At-
Credits

Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:31 Mar, 2025 | 04:48
Updated At:31 Mar, 2025 | 12:59
Rejected At:
▼CVE Numbering Authority (CNA)

Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication.

Affected Products
Vendor
Inaba Denki Sangyo Co., Ltd.
Product
CHOCO TEI WATCHER mini (IB-MCT001)
Versions
Affected
  • all versions
Problem Types
TypeCWE IDDescription
CWECWE-603Use of client-side authentication
Type: CWE
CWE ID: CWE-603
Description: Use of client-side authentication
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.inaba.co.jp/files/chocomini_vulnerability.pdf
N/A
https://jvn.jp/en/vu/JVNVU91154745/
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04
N/A
https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording
N/A
Hyperlink: https://www.inaba.co.jp/files/chocomini_vulnerability.pdf
Resource: N/A
Hyperlink: https://jvn.jp/en/vu/JVNVU91154745/
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04
Resource: N/A
Hyperlink: https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:31 Mar, 2025 | 05:15
Updated At:01 Apr, 2025 | 20:26

Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-603Primaryvultures@jpcert.or.jp
CWE ID: CWE-603
Type: Primary
Source: vultures@jpcert.or.jp
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jvn.jp/en/vu/JVNVU91154745/vultures@jpcert.or.jp
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04vultures@jpcert.or.jp
N/A
https://www.inaba.co.jp/files/chocomini_vulnerability.pdfvultures@jpcert.or.jp
N/A
https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recordingvultures@jpcert.or.jp
N/A
Hyperlink: https://jvn.jp/en/vu/JVNVU91154745/
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: https://www.inaba.co.jp/files/chocomini_vulnerability.pdf
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording
Source: vultures@jpcert.or.jp
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2023-31196
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.35% / 57.00%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 00:00
Updated-03 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier

Action-Not Available
Vendor-inabaInaba Denki Sangyo Co., Ltd.
Product-ac-pd-wapum-pac-wapum-300-pac-pd-wapumac-wapum-300_firmwareac-wapum-300-p_firmwareac-wapum-300ac-wapu-300ac-wapu-300-pac-pd-wapu_firmwareac-wapu-300_firmwareac-pd-wapum_firmwareac-pd-wapu-pac-pd-wapuac-wapu-300-p_firmwareac-pd-wapu-p_firmwareac-pd-wapum-p_firmwareWi-Fi AP UNIT
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-29870
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.02%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 09:03
Updated-10 Apr, 2025 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information.

Action-Not Available
Vendor-Inaba Denki Sangyo Co., Ltd.
Product-AC-PD-WPS-11ac-PAC-PD-WPS-11acAC-WPS-11acAC-WPSM-11ac-PAC-WPSM-11acAC-WPS-11ac-P
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-27934
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.10% / 29.02%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 09:03
Updated-09 Apr, 2025 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information.

Action-Not Available
Vendor-Inaba Denki Sangyo Co., Ltd.
Product-AC-WPSM-11acAC-WPS-11ac-PAC-WPS-11acAC-WPSM-11ac-PAC-PD-WPS-11acAC-PD-WPS-11ac-P
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2024-28627
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.89%
||
7 Day CHG~0.00%
Published-23 Apr, 2024 | 00:00
Updated-02 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file.

Action-Not Available
Vendor-n/aflipsnack
Product-n/aflipsnack
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-603
Use of Client-Side Authentication
CVE-2020-6988
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.57%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 15:38
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials.

Action-Not Available
Vendor-n/aRockwell Automation, Inc.
Product-micrologix_1400_a_firmwaremicrologix_1100rslogix_500micrologix_1100_firmwaremicrologix_1400micrologix_1400_b_firmwareRockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior
CWE ID-CWE-603
Use of Client-Side Authentication
CWE ID-CWE-287
Improper Authentication
CVE-2024-45785
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 07:57
Updated-06 Nov, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved.

Action-Not Available
Vendor-neumannNEUMANN CO.LTD.neumannjp
Product-musasiMUSASImusasi
CWE ID-CWE-603
Use of Client-Side Authentication
Details not found