Nozomi Networks Labs recently brought to light four critical vulnerabilities found in the Inaba Denki Sangyo Co., Ltd. IB-MCT001 camera, which is widely used in Japanese production facilities to document production interruptions. These vulnerabilities, which are yet to be resolved, present significant risks to industrial settings, potentially allowing unauthorized remote access and manipulation of crucial production data.

The IB-MCT001 camera, known as the CHOCO TEI WATCHER mini, is specifically designed to capture and analyze brief production stoppages to enhance manufacturing efficiency. However, the identified vulnerabilities could empower malicious entities to circumvent authentication protocols, gain covert access to live video feeds, and even disrupt the recording of production line interruptions.

In terms of industrial security implications, these vulnerabilities could lead to covert surveillance of production lines and disruption of stoppage recordings. If exploited by an unauthenticated attacker, the consequences could include industrial espionage, compromise of proprietary manufacturing processes, manipulation or deletion of recorded footage hindering operational analysis, extended downtime, and increased expenses. The alarming aspect of these vulnerabilities is their potential for remote exploitation without requiring authentication or user interaction, making any exposed IB-MCT001 device vulnerable to malicious activity.

The vulnerabilities affecting all versions of the IB-MCT001 camera are as follows:
– CVE-2025-25211: Weak password requirements (CWE-521) with a CVSS v3.1 Base Score of 9.8
– CVE-2025-26689: Forced browsing (CWE-425) with a CVSS v3.1 Base Score of 9.8
– CVE-2025-24517: Use of client-side authentication (CWE-603) with a CVSS v3.1 Base Score of 7.5
– CVE-2025-24852: Storing passwords in a recoverable format (CWE-257) with a CVSS v3.1 Base Score of 4.6
Given the vendor’s inability to provide patches for these vulnerabilities, organizations using the IB-MCT001 camera must implement mitigations to safeguard their systems. Nozomi Networks Labs recommends restricting and monitoring network access to the device’s management web application, isolating the device on a secure network, and enforcing stringent firewall rules. Additionally, for vulnerabilities requiring physical access like CVE-2025-24852, the device should be placed in a secure, restricted area accessible solely to authorized personnel.

For further guidance on mitigation strategies, organizations can refer to security advisories from the vendor, JPCERT/CC (JVNVU#91154745), and CISA (ICSA-25-084-04). It is crucial for industrial establishments to address these vulnerabilities promptly to prevent potential exploitation and protect critical operations.

In conclusion, the discovery of these vulnerabilities in the IB-MCT001 camera underscores the importance of robust cybersecurity measures in industrial environments to mitigate risks and uphold operational integrity. By implementing the recommended mitigations and staying informed on security advisories, organizations can fortify their defenses against potential threats and ensure the security of their production processes.

Source link