[Update notice] Screen Creator Advance 2 software of GC-A2 Series

Feb. 3, 2023

1.Overview

A vulnerability was found in Screen Creator Advance 2.
We will inform you of the contents and how to deal with it.
Please confirm the contents and apply the follow solution.

2.Products Affected

Product: Screen Creator Advance 2
Version: Prior to Ver.0.1.1.4 Build01

3.Description

Screen Creator Advance 2 contains multiple vulnerabilities listed below.

Vulnerability 1) Out-of-bound write

When an out of specification error is detected, out-of-bound write occurs because there is no error handling process.

CWE ID: CWE-787
CVE ID: CVE-2023-22345
CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score:7.8

Vulnerability 2) Out-of-bound read 1

Out-of-bound read occurs when processing template information because the end of data cannot be verified.

CWE ID: CWE-125
CVE ID: CVE-2023-22346
CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score:7.8

Vulnerability 3) Out-of-bound read 2

Out-of-bound read occurs when processing file structure information because the end of data cannot be verified.

CWE ID: CWE-125
CVE ID: CVE-2023-22347
CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score:7.8

Vulnerability 4) Out-of-bound read 3

Out-of-bound read occurs when processing screen management information because the end of data cannot be verified.

CWE ID: CWE-125
CVE ID: CVE-2023-22349
CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score:7.8

Vulnerability 5) Out-of-bound read 4

Out-of-bound read occurs when processing parts management information because the end of data cannot be verified.

CWE ID: CWE-125
CVE ID: CVE-2023-22350
CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score:7.8

Vulnerability 6) Out-of-bound read 5

Out-of-bound read occurs when processing control management information because the end of data cannot be verified.

CWE ID: CWE-125
CVE ID: CVE-2023-22353
CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score:7.8

Vulnerability 7) Use-after-free

When an error is detected, out-of-bound write occurs because there is no error handling process.

CWE ID: CWE-416
CVE ID: CVE-2023-22360
CVSS v3: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score:7.8

4.Impact

Information disclosure and/or arbitrary code execution may occur by having a user to open a specially crafted project file.

5.Solution

Update Screen Creator Advance 2

The version that contains fixes for these vulnerabilities is as follows.
Version： Ver.0.1.1.4 Build01A and above
The latest version can be downloaded from the following our website

URL：https://www.electronics.jtekt.co.jp/en/download/hmi/

6.Credit

Michael Heinzl reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with us.