PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-24517 Inaba Denki Sangyo Co., Ltd. CVE debrief

CVE-2025-24517 affects Inaba Denki Sangyo CHOCO TEI WATCHER mini (IB-MCT001) and was publicly disclosed by CISA on 2025-03-25. The advisory says the product has a client-side authentication vulnerability that may allow an attacker to obtain the login password without authentication. The issue is rated CVSS 7.5/High and the affected scope is listed as all versions in the supplied CSAF record.

Vendor: Inaba Denki Sangyo Co., Ltd.
Product: CHOCO TEI WATCHER mini (IB-MCT001)
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-03-25
Original CVE updated: 2025-03-25
Advisory published: 2025-03-25
Advisory updated: 2025-03-25

Who should care

OT/ICS operators, administrators, and integrators responsible for CHOCO TEI WATCHER mini (IB-MCT001), especially where the device is reachable outside a tightly controlled trusted LAN.

Technical summary

The supplied advisory describes a network-reachable client-side authentication weakness with no privileges or user interaction required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The stated impact is disclosure of the product's login password. The CSAF record lists the affected product as vers:all/* and provides workaround-focused mitigation guidance rather than a fixed version.

Defensive priority

High. A flaw that can expose login credentials without authentication can quickly become an access-control problem for the device and any connected environment, so exposure should be reduced immediately until vendor guidance is in place.

Recommended defensive actions

  • Follow the vendor and CISA advisory guidance for ICSA-25-084-04 / JVNVU#91154745.
  • Keep the product within a trusted LAN and block access from untrusted networks and hosts through firewalls.
  • If Internet or remote access is required, place the device behind a VPN or firewall and restrict exposure to the minimum necessary.
  • Restrict product operation and handling of microSD cards to authorized users only.
  • Review access paths and administrative accounts for signs of unauthorized use, and limit any unnecessary network reachability.

Evidence notes

CISA's CSAF advisory (ICSA-25-084-04) states that Inaba Denki Sangyo CHOCO TEI WATCHER mini is vulnerable to a client-side authentication issue that may let an attacker obtain the login password without authentication. The advisory lists the affected product as Inaba Denki Sangyo Co., Ltd. CHOCO TEI WATCHER mini (IB-MCT001): vers:all/* and provides mitigation steps centered on LAN isolation, firewall/VPN controls, and restricting use to authorized users. The supplied corpus does not identify a fixed version.

Official resources

Publicly disclosed by CISA in ICS Advisory ICSA-25-084-04 on 2025-03-25. The provided corpus does not indicate KEV inclusion or known ransomware campaign use.