Lucene search

[email protected]CVE-2022-29518

HistoryMay 18, 2022 - 3:15 p.m.

CVE-2022-29518

2022-05-1815:15:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2022-29518

screen creator advance2

hmi gc-a2

remote monitoring

authentication bypass

information disclosure

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

5.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:P/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series(GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2), and Real time remote monitoring and control tool(Remote GC) allows a local attacker to bypass authentication due to the improper check for the Remote control setting’s account names. This may allow attacker who can access the HMI from Real time remote monitoring and control tool may perform arbitrary operations on the HMI. As a result, the information stored in the HMI may be disclosed, deleted or altered, and/or the equipment may be illegally operated via the HMI.

CPENameOperatorVersion
koyoele:screen_creator_advance_2koyoele screen creator advance 2eq0.1.1.3
koyoele:remote_gckoyoele remote gceq-
koyoele:gc-a22w-cw_firmwarekoyoele gc-a22w-cw firmwareeq-
koyoele:gc-a24_firmwarekoyoele gc-a24 firmwareeq-
koyoele:gc-a24-m_firmwarekoyoele gc-a24-m firmwareeq-
koyoele:gc-a24w-c\(w\)_firmwarekoyoele gc-a24w-c\(w\) firmwareeq-
koyoele:gc-a25_firmwarekoyoele gc-a25 firmwareeq-
koyoele:gc-a26_firmwarekoyoele gc-a26 firmwareeq-
koyoele:gc-a26-j2_firmwarekoyoele gc-a26-j2 firmwareeq-
koyoele:gc-a26w-c\(w\)_firmwarekoyoele gc-a26w-c\(w\) firmwareeq-

CPE	Name	Operator	Version
koyoele:screen_creator_advance_2	koyoele screen creator advance 2	eq	0.1.1.3
koyoele:remote_gc	koyoele remote gc	eq	-
koyoele:gc-a22w-cw_firmware	koyoele gc-a22w-cw firmware	eq	-
koyoele:gc-a24_firmware	koyoele gc-a24 firmware	eq	-
koyoele:gc-a24-m_firmware	koyoele gc-a24-m firmware	eq	-
koyoele:gc-a24w-c\(w\)_firmware	koyoele gc-a24w-c\(w\) firmware	eq	-
koyoele:gc-a25_firmware	koyoele gc-a25 firmware	eq	-
koyoele:gc-a26_firmware	koyoele gc-a26 firmware	eq	-
koyoele:gc-a26-j2_firmware	koyoele gc-a26-j2 firmware	eq	-
koyoele:gc-a26w-c\(w\)_firmware	koyoele gc-a26w-c\(w\) firmware	eq	-

References

jvn.jp/en/jp/JVN50337155/index.html

www.koyoele.co.jp/en/topics/202205095016/

Social References

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

5.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:P/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2022-29518

prion1 cvelist1 jvn1