Published:2022/05/09  Last Updated:2022/05/09

JVN#50337155
KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass

Overview

Screen Creator Advance2 provided by KOYO ELECTRONICS INDUSTRIES CO., LTD. contains an authentication bypass vulnerability.

Products Affected

  • Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01
According to the developer, the following products are affected by the vulnerability.
  • HMI GC-A2 series
    • GC-A22W-CW
    • GC-A24W-C(W)
    • GC-A26W-C(W)
    • GC-A24
    • GC-A24-M
    • GC-A25
    • GC-A26
    • GC-A26-J2
  • Real time remote monitoring and control tool
    • Remote GC

Description

Screen Creator Advance2 provided by KOYO ELECTRONICS INDUSTRIES CO., LTD. is a screen development tool for KOYO ELECTRONICS's HMI.
Screen Creator Advance2 contains an authentication bypass vulnerability (CWE-807) due to the improper check for the Remote control setting's account names.

Impact

An attacker who can access the HMI from Real time remote monitoring and control tool may perform arbitrary operations on the HMI. As a result, the information stored in the HMI may be disclosed, deleted or altered, and/or the equipment may be illegally operated via the HMI.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released the following version.

  • Screen Creator Advance2 Ver.0.1.1.3 Build01
Apply the workaround
According to the developer, if Remote control function is not use, applying the following workaround to the product may mitigate the impact of this vulnerability.
  • Stop using Remote control function
    • Change the permission of Remote control setting from "True" to "False" and overwrite the settings on HMI
For more information, refer to the information provided by the developer.

Vendor Status

Vendor Link
KOYO ELECTRONICS INDUSTRIES CO., LTD. [Update notice] Screen Creator Advance 2 software of GC-A2 Series

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score: 4.0
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score: 2.1
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Credit

KOYO ELECTRONICS INDUSTRIES CO., LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and KOYO ELECTRONICS INDUSTRIES CO., LTD. coordinated under the Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2022-29518
JVN iPedia JVNDB-2022-000029