JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02 | Mitigation Third Party Advisory US Government Resource |
https://www.forescout.com/blog/ | Third Party Advisory |
History
21 Nov 2024, 07:00
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02 - Mitigation, Third Party Advisory, US Government Resource | |
References | () https://www.forescout.com/blog/ - Third Party Advisory |
02 Aug 2022, 19:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:jtekt:pc10pe-1616p_tcc-1102_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:pc10e_tcc-4737_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:pc10b_tcc-1021:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:pc3jx_tcc-6901_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:pc3jx_tcc-6901:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:pc10el_tcc-4747_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:pc10b-p_tcc-6373:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:pc3jx-d_tcc-6902_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:pc10pe_tcc-1101:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:pc10e_tcc-4737:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:nano_cpu_tuc-6941:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:pcdl_tkc-6688_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:pc10pe_tcc-1101_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:pc10b_tcc-1021_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:pc10ge_tcc-6464:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:pc10p-dp_tcc-6726:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:pc3jx-d_tcc-6902:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:pc10b-p_tcc-6373_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:pc10p_tcc-6372_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:pc10p_tcc-6372:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:pc10p-dp-io_tcc-6752:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:pc10p-dp-io_tcc-6752_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:pc10ge_tcc-6464_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:pc10pe-1616p_tcc-1102:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:pc10g-cpu_tcc-6353_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:pc10p-dp_tcc-6726_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:plus_cpu_tcc-6740_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:nano_10gx_tuc-1157_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:plus_cpu_tcc-6740:-:*:*:*:*:*:*:* cpe:2.3:o:jtekt:nano_cpu_tuc-6941_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:nano_10gx_tuc-1157:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:pc10el_tcc-4747:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:pcdl_tkc-6688:-:*:*:*:*:*:*:* cpe:2.3:h:jtekt:pc10g-cpu_tcc-6353:-:*:*:*:*:*:*:* |
References | (MISC) https://www.forescout.com/blog/ - Third Party Advisory | |
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02 - Mitigation, Third Party Advisory, US Government Resource | |
CVSS | v2 : v3 : | v2 : unknown v3 : 9.1 |
CWE | CWE-306 |
26 Jul 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-26 22:15
Updated : 2024-11-21 07:00
NVD link : CVE-2022-29951
Mitre link : CVE-2022-29951
CVE.ORG link : CVE-2022-29951
Products Affected
jtekt
- pc10p-dp-io_tcc-6752_firmware
- plus_cpu_tcc-6740_firmware
- pc10el_tcc-4747_firmware
- pc10g-cpu_tcc-6353_firmware
- plus_cpu_tcc-6740
- pc10el_tcc-4747
- pc10b-p_tcc-6373
- pcdl_tkc-6688
- pc10g-cpu_tcc-6353
- pc10e_tcc-4737
- pc10b_tcc-1021
- pc10e_tcc-4737_firmware
- pc10pe-1616p_tcc-1102_firmware
- pc10pe-1616p_tcc-1102
- pc10ge_tcc-6464_firmware
- pc3jx-d_tcc-6902_firmware
- pcdl_tkc-6688_firmware
- pc10p_tcc-6372
- pc3jx_tcc-6901
- pc10pe_tcc-1101_firmware
- pc10p-dp_tcc-6726
- nano_cpu_tuc-6941_firmware
- pc10p-dp_tcc-6726_firmware
- nano_10gx_tuc-1157
- pc3jx_tcc-6901_firmware
- pc3jx-d_tcc-6902
- nano_cpu_tuc-6941
- pc10b-p_tcc-6373_firmware
- pc10b_tcc-1021_firmware
- pc10p_tcc-6372_firmware
- pc10pe_tcc-1101
- pc10p-dp-io_tcc-6752
- nano_10gx_tuc-1157_firmware
- pc10ge_tcc-6464
CWE
CWE-306
Missing Authentication for Critical Function