Headline
CVE-2022-29518: KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass
Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series(GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2), and Real time remote monitoring and control tool(Remote GC) allows a local attacker to bypass authentication due to the improper check for the Remote control setting’s account names. This may allow attacker who can access the HMI from Real time remote monitoring and control tool may perform arbitrary operations on the HMI. As a result, the information stored in the HMI may be disclosed, deleted or altered, and/or the equipment may be illegally operated via the HMI.
Published:2022/05/09 Last Updated:2022/05/09
Overview
Screen Creator Advance2 provided by KOYO ELECTRONICS INDUSTRIES CO., LTD. contains an authentication bypass vulnerability.
Products Affected
- Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01
According to the developer, the following products are affected by the vulnerability.
- HMI GC-A2 series
- GC-A22W-CW
- GC-A24W-C(W)
- GC-A26W-C(W)
- GC-A24
- GC-A24-M
- GC-A25
- GC-A26
- GC-A26-J2
- Real time remote monitoring and control tool
- Remote GC
Description
Screen Creator Advance2 provided by KOYO ELECTRONICS INDUSTRIES CO., LTD. is a screen development tool for KOYO ELECTRONICS’s HMI.
Screen Creator Advance2 contains an authentication bypass vulnerability (CWE-807) due to the improper check for the Remote control setting’s account names.
Impact
An attacker who can access the HMI from Real time remote monitoring and control tool may perform arbitrary operations on the HMI. As a result, the information stored in the HMI may be disclosed, deleted or altered, and/or the equipment may be illegally operated via the HMI.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released the following version.
- Screen Creator Advance2 Ver.0.1.1.3 Build01
Apply the workaround
According to the developer, if Remote control function is not use, applying the following workaround to the product may mitigate the impact of this vulnerability.
- Stop using Remote control function
- Change the permission of Remote control setting from “True” to “False” and overwrite the settings on HMI
For more information, refer to the information provided by the developer.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector(AV)
Physical §
Local (L)
Adjacent (A)
Network (N)
Attack Complexity(AC)
High (H)
Low (L)
Privileges Required(PR)
High (H)
Low (L)
None (N)
User Interaction(UI)
Required ®
None (N)
Scope(S)
Unchanged (U)
Changed ©
Confidentiality Impact©
None (N)
Low (L)
High (H)
Integrity Impact(I)
None (N)
Low (L)
High (H)
Availability Impact(A)
None (N)
Low (L)
High (H)
CVSS v2 AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector(AV)
Local (L)
Adjacent Network (A)
Network (N)
Access Complexity(AC)
High (H)
Medium (M)
Low (L)
Authentication(Au)
Multiple (M)
Single (S)
None (N)
Confidentiality Impact©
None (N)
Partial §
Complete ©
Integrity Impact(I)
None (N)
Partial §
Complete ©
Availability Impact(A)
None (N)
Partial §
Complete ©
Credit
KOYO ELECTRONICS INDUSTRIES CO., LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and KOYO ELECTRONICS INDUSTRIES CO., LTD. coordinated under the Information Security Early Warning Partnership.
Other Information