Information disclosure in KOYO Electronics Screen Creator Advance2
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-29518 |
| CWE-ID | CWE-807 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
GC-A22W-CW Hardware solutions / Firmware GC-A24W-C(W) Hardware solutions / Firmware GC-A26W-C(W) Hardware solutions / Firmware GC-A24 Hardware solutions / Firmware GC-A24-M Hardware solutions / Firmware GC-A25 Hardware solutions / Firmware GC-A26 Hardware solutions / Firmware GC-A26-J2 Hardware solutions / Firmware Remote GC Hardware solutions / Firmware Screen Creator Advance 2 Hardware solutions / Firmware |
| Vendor |
JTEKT ELECTRONICS CORPORATION Koyo Electronics Industries |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Reliance on Untrusted Inputs in a Security Decision
EUVDB-ID: #VU62848
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-29518
CWE-ID:
CWE-807 - Reliance on Untrusted Inputs in a Security Decision
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to improper check for the Remote control setting's account names. A local attacker can bypass authentication process and gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGC-A22W-CW: All versions
GC-A24W-C(W): All versions
GC-A26W-C(W): All versions
GC-A24: All versions
GC-A24-M: All versions
GC-A25: All versions
GC-A26: All versions
GC-A26-J2: All versions
Remote GC: All versions
Screen Creator Advance 2: All versions
CPE2.3- cpe:2.3:h:jtekt_electronics_corporation:gc-a22w-cw:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_electronics_corporation:gc-a24w-c_w:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_electronics_corporation:gc-a26w-c_w:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_electronics_corporation:gc-a24:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_electronics_corporation:gc-a24-m:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_electronics_corporation:gc-a25:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_electronics_corporation:gc-a26:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_electronics_corporation:gc-a26-j2:*:*:*:*:*:*:*:*
- cpe:2.3:h:koyo_electronics_industries:remote_gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:koyo_electronics_industries:screen_creator_advance_2:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN50337155/index.html
https://www.koyoele.co.jp/en/topics/202205095016/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
