PT-2022-19674 · Unknown+1 · Hmi Gc-A2 Series+2
Published 2022-05-18 · Updated 2023-08-08
CVE-2022-29518
CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01
HMI GC-A2 series versions (including GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2)
Real time remote monitoring and control tool (Remote GC) (affected versions not specified)
Description
The issue allows a local attacker to bypass authentication because the account names in the Remote control setting are improperly checked. An attacker who can access the HMI from the Real time remote monitoring and control tool may be able to perform arbitrary operations on the HMI. As a result, the information stored in the HMI may be disclosed, deleted, or altered, and/or the equipment may be illegally operated via the HMI.
Recommendations
For Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, update to Ver.0.1.1.3 Build01 or later to resolve the issue.
For HMI GC-A2 series, restrict access to the Remote control setting to minimize the risk of exploitation until a patch is available.
For Real time remote monitoring and control tool (Remote GC), avoid using the vulnerable Remote control setting until the issue is resolved.
As a temporary workaround, consider disabling the Remote control setting until a patch is available.
Fix
Related Identifiers
Affected Products
Hmi Gc-A2 Series
Remote Gc
Screen Creator Advance 2