ICSA-25-084-04 · Published 2025-03-25 · View on CISA ICS-CERT ↗

Inaba Denki Sangyo CHOCO TEI WATCHER mini

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to obtain the product's login password, gain unauthorized access, tamper with product's data, and/or modify product settings.

CVEs (4)

CVE-2025-24517 CVE-2025-24852 CVE-2025-25211 CVE-2025-26689

Remediations

Inaba Denki Sangyo Co., Ltd. recommends users follow the following workarounds to help mitigate the impacts of these vulnerabilities:
Use the product within LAN and block access from untrusted networks and hosts through firewalls.
Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required, and restrict Internet access to minimum.
Restrict the product operation (including use/handling of microSD cards on the product) only to authorized users.
For more information see the associated security advisory JVNVU#91154745 and Multiple vulnerabilities in CHOCO TEI WATCHER mini.

Affected Vendors

Inaba Denki Sangyo Co., Ltd.

Affected Products (1)

Inaba Denki Sangyo Co., Ltd. · CHOCO TEI WATCHER mini (IB-MCT001) vers:all/*

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more