JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02 | Mitigation Third Party Advisory US Government Resource |
https://www.forescout.com/blog/ | Third Party Advisory |
History
02 Aug 2022, 19:49
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02 - Mitigation, Third Party Advisory, US Government Resource | |
References | (MISC) https://www.forescout.com/blog/ - Third Party Advisory | |
CWE | CWE-306 | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 9.1 |
26 Jul 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-26 22:15
Updated : 2024-02-09 03:16
NVD link : CVE-2022-29951
Mitre link : CVE-2022-29951
CVE.ORG link : CVE-2022-29951
Products Affected
jtekt
- pc3jx_tcc-6901_firmware
- pc3jx-d_tcc-6902
- pc10g-cpu_tcc-6353
- pc10b_tcc-1021_firmware
- pc10el_tcc-4747_firmware
- pc10pe_tcc-1101_firmware
- pc10pe_tcc-1101
- pc10g-cpu_tcc-6353_firmware
- pc10e_tcc-4737_firmware
- plus_cpu_tcc-6740_firmware
- pc3jx_tcc-6901
- pcdl_tkc-6688_firmware
- pc10p_tcc-6372_firmware
- nano_10gx_tuc-1157
- pcdl_tkc-6688
- pc10p-dp-io_tcc-6752_firmware
- pc10b_tcc-1021
- pc10b-p_tcc-6373
- pc3jx-d_tcc-6902_firmware
- pc10p-dp-io_tcc-6752
- pc10b-p_tcc-6373_firmware
- pc10pe-1616p_tcc-1102_firmware
- pc10pe-1616p_tcc-1102
- pc10p-dp_tcc-6726_firmware
- nano_10gx_tuc-1157_firmware
- pc10p-dp_tcc-6726
- nano_cpu_tuc-6941_firmware
- plus_cpu_tcc-6740
- pc10ge_tcc-6464
- pc10el_tcc-4747
- nano_cpu_tuc-6941
- pc10p_tcc-6372
- pc10e_tcc-4737
- pc10ge_tcc-6464_firmware
CWE
CWE-306
Missing Authentication for Critical Function