CVE-2022-29951

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02	Mitigation Third Party Advisory US Government Resource
https://www.forescout.com/blog/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:jtekt:pc10g-cpu_tcc-6353_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:pc10g-cpu_tcc-6353:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:jtekt:pc10ge_tcc-6464_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:pc10ge_tcc-6464:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:jtekt:pc10p_tcc-6372_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:pc10p_tcc-6372:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:jtekt:pc10p-dp_tcc-6726_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:pc10p-dp_tcc-6726:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:jtekt:pc10p-dp-io_tcc-6752_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:pc10p-dp-io_tcc-6752:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:jtekt:pc10b-p_tcc-6373_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:pc10b-p_tcc-6373:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:jtekt:pc10b_tcc-1021_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:pc10b_tcc-1021:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:jtekt:pc10e_tcc-4737_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:pc10e_tcc-4737:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:jtekt:pc10el_tcc-4747_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:pc10el_tcc-4747:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:jtekt:plus_cpu_tcc-6740_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:plus_cpu_tcc-6740:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:jtekt:pc3jx_tcc-6901_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:pc3jx_tcc-6901:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:jtekt:pc3jx-d_tcc-6902_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:pc3jx-d_tcc-6902:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:jtekt:pc10pe_tcc-1101_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:pc10pe_tcc-1101:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:jtekt:pc10pe-1616p_tcc-1102_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:pc10pe-1616p_tcc-1102:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:jtekt:pcdl_tkc-6688_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:pcdl_tkc-6688:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:jtekt:nano_10gx_tuc-1157_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:nano_10gx_tuc-1157:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:jtekt:nano_cpu_tuc-6941_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:jtekt:nano_cpu_tuc-6941:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-07-26 22:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-29951

Mitre link : CVE-2022-29951

CVE.ORG link : CVE-2022-29951

JSON object : View

Products Affected

jtekt

pc10p-dp-io_tcc-6752
pc10ge_tcc-6464
pc10el_tcc-4747
pc10ge_tcc-6464_firmware
pc10e_tcc-4737
nano_10gx_tuc-1157
nano_cpu_tuc-6941
pc10pe_tcc-1101
pc10p-dp_tcc-6726
pc10b-p_tcc-6373
pc10e_tcc-4737_firmware
pc3jx-d_tcc-6902
pc10g-cpu_tcc-6353
pc10b-p_tcc-6373_firmware
plus_cpu_tcc-6740
pc10el_tcc-4747_firmware
nano_cpu_tuc-6941_firmware
pc10p_tcc-6372
pcdl_tkc-6688
pc10b_tcc-1021_firmware
pc10pe_tcc-1101_firmware
pcdl_tkc-6688_firmware
pc3jx_tcc-6901_firmware
pc10p_tcc-6372_firmware
pc10p-dp_tcc-6726_firmware
pc10pe-1616p_tcc-1102
pc10b_tcc-1021
nano_10gx_tuc-1157_firmware
pc3jx-d_tcc-6902_firmware
pc3jx_tcc-6901
pc10g-cpu_tcc-6353_firmware
pc10p-dp-io_tcc-6752_firmware
pc10pe-1616p_tcc-1102_firmware
plus_cpu_tcc-6740_firmware

CWE

CWE-306

Missing Authentication for Critical Function

9.1 /10