JTEKT HMI ViewJet C-more and GC-A2 Series Unintended Proxy Vulnerability

Vulnerability

A 'Confused Deputy' vulnerability has been identified in JTEKT HMI ViewJet C-more series and HMI GC-A2 series. This vulnerability allows a remote, unauthenticated attacker to exploit the product as an intermediary in an FTP bounce attack.

Impact

An attacker who exploits this vulnerability could carry out an FTP bounce attack, using the HMI as a relay to target another host.

Remediation

JTEKT has ended support for these products. Users are advised to apply the recommended workaround, which includes using a firewall or VPN to prevent unauthorized access and limiting accessibility to internal networks.
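
The following added example is not part of the original advisory and is not JTEKT code. It shows one way to monitor FTP control-channel traffic for the relay behaviour described above: it flags PORT/EPRT commands that direct the data connection to an address other than the client's own, or to a port below 1024. The (client_ip, command) event format, the function names and the sample events are assumptions constructed for illustration.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959); EPRT |proto|addr|port| (RFC 2428)
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.I)
EPRT_RE = re.compile(r"^EPRT\s+(.)(\d)\1([^\s]+?)\1(\d{1,5})\1\s*$", re.I)

def parse_data_target(command):
    """Return the (ip, port) a PORT/EPRT command asks for, or None."""
    m = PORT_RE.match(command)
    if m:
        nums = [int(x) for x in m.group(1).split(",")]
        if max(nums) > 255:
            raise ValueError("field out of range")
        ip = ipaddress.ip_address(".".join(map(str, nums[:4])))
        return ip, nums[4] * 256 + nums[5]
    m = EPRT_RE.match(command)
    if m:
        return ipaddress.ip_address(m.group(3)), int(m.group(4))
    return None

def bounce_findings(events):
    """events: (client_ip, command) pairs seen on the FTP control channel."""
    findings = []
    for client_ip, command in events:
        try:
            target = parse_data_target(command.strip())
            client = ipaddress.ip_address(client_ip)
        except ValueError:
            findings.append((client_ip, command, "malformed address"))
            continue
        if target is None:
            continue  # not a PORT/EPRT command
        ip, port = target
        if ip != client:
            findings.append((client_ip, command, "third-party data address"))
        elif port < 1024:  # RFC 2577 advises refusing data ports below 1024
            findings.append((client_ip, command, "privileged data port"))
    return findings

# Constructed sample events using documentation address ranges.
SAMPLE = [
    ("192.0.2.10", "USER anonymous"),
    ("192.0.2.10", "PORT 192,0,2,10,195,80"),      # client's own address
    ("192.0.2.10", "PORT 198,51,100,7,0,22"),      # address of another host
    ("192.0.2.10", "EPRT |1|198.51.100.7|8080|"),  # address of another host
    ("192.0.2.10", "PORT 192,0,2,10,0,25"),        # own address, low port
]
if __name__ == "__main__":
    print(*bounce_findings(SAMPLE), sep="\n")
```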

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.0
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.