#VU62848 Reliance on Untrusted Inputs in a Security Decision in Koyo Electronics Industries products - CVE-2022-29518
Published: May 9, 2022
Vulnerability identifier: #VU62848
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-29518
CWE-ID: CWE-807
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
GC-A22W-CW
GC-A24W-C(W)
GC-A26W-C(W)
GC-A24
GC-A24-M
GC-A25
GC-A26
GC-A26-J2
Remote GC
Screen Creator Advance 2
GC-A22W-CW
GC-A24W-C(W)
GC-A26W-C(W)
GC-A24
GC-A24-M
GC-A25
GC-A26
GC-A26-J2
Remote GC
Screen Creator Advance 2
Software vendor:
JTEKT ELECTRONICS CORPORATION
Koyo Electronics Industries
JTEKT ELECTRONICS CORPORATION
Koyo Electronics Industries
Description
The vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to improper check for the Remote control setting's account names. A local attacker can bypass authentication process and gain unauthorized access to sensitive information on the system.
Remediation
Install updates from vendor's website.