JTEKT HMI ViewJet C-more Series Improper UI Layer Restriction Vulnerability
Vulnerability
A vulnerability exists in the HMI ViewJet C-more series that allows a remote, unauthenticated attacker to trick a user of the product into performing unintended actions on the product's web pages. The issue arises from an improper restriction of rendered UI layers or frames, which makes a clickjacking attack possible.
Impact
Exploitation of this vulnerability could enable a clickjacking attack, where an attacker tricks a user into interacting with a different element than intended, potentially leading to unauthorized actions being performed on the user's behalf.
Remediation
The developer has ended support for the HMI ViewJet C-more series and recommends users apply a workaround. When connecting the HMI to the Internet, use a firewall or virtual private network (VPN) to prevent unauthorized access. Limit access to the internal network and keep project files in a secure location away from third parties.
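The improper restriction of rendered frames described above comes down to whether the HTTP responses for the product's web pages tell the browser who may embed them. The following is an added example, not code from the vendor or this advisory, that classifies a set of response headers accordingly; it assumes the standard browser framing controls (`X-Frame-Options` and the CSP `frame-ancestors` directive), which the advisory does not name, and the header sets are constructed samples.

```python
# Added example (not vendor code): decide from HTTP response headers whether a
# page can be framed by another origin, the condition clickjacking relies on.
BROAD = {"*", "http:", "https:"}  # frame-ancestors sources that admit any site

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def framing_verdict(headers):
    """headers: list of (name, value) pairs. Returns (verdict, reason)."""
    ancestors, xfo = [], []
    for name, value in headers:
        key = name.strip().lower()
        if key == "content-security-policy":  # Report-Only is not enforced
            for policy in value.split(","):  # one header may join policies
                found = frame_ancestors(policy)
                if found is not None:
                    ancestors.append(found)
        elif key == "x-frame-options":
            xfo += [v.strip().upper() for v in value.split(",")]
    if ancestors:
        # Every policy is enforced; X-Frame-Options is ignored once one exists.
        if any(not BROAD & set(src) for src in ancestors):
            return "restricted", "CSP frame-ancestors limits embedding"
        return "frameable", "frame-ancestors allows any origin"
    if any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        return "restricted", "X-Frame-Options " + "/".join(xfo)
    if xfo:
        return "frameable", "X-Frame-Options not honoured: " + "/".join(xfo)
    return "frameable", "no framing restriction header"

# Constructed header sets (hypothetical values, not captured from a device).
SAMPLES = {
    "no headers": [("Content-Type", "text/html")],
    "xfo deny": [("X-Frame-Options", "DENY")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://ops.example")],
    "csp self": [("Content-Security-Policy",
                  "default-src 'self'; frame-ancestors 'self'")],
    "csp wildcard": [("Content-Security-Policy", "frame-ancestors *"),
                     ("X-Frame-Options", "DENY")],
    "report-only": [("Content-Security-Policy-Report-Only",
                     "frame-ancestors 'none'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:14} {framing_verdict(hdrs)}")
```

A "frameable" verdict for pages reachable from outside the internal network means the firewall or VPN workaround is the only control between the page and a hostile framing site.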
