CVE-2021-27477
01.07.2021, 13:15
When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame, the outside area of a receive buffer for FL-net are overwritten. As a result, the PLC CPU detects a system error, and the affected products stop.Enginsight
| Vendor | Product | Version |
|---|---|---|
| jtekt | pc10g-cpu_firmware | 𝑥 < 3.91 |
| jtekt | 2port-efr_firmware | 𝑥 < 1.50 |
| jtekt | plus_cpu_firmware | 𝑥 < 3.11 |
| jtekt | plus_ex_firmware | 𝑥 < 3.11 |
| jtekt | plus_ex2_firmware | 𝑥 < 3.11 |
| jtekt | plus_efr_firmware | 𝑥 < 3.11 |
| jtekt | plus_efr2_firmware | 𝑥 < 3.11 |
| jtekt | plus_2p-efr_firmware | 𝑥 < 3.11 |
| jtekt | pc10p-dp_firmware | 𝑥 < 1.50 |
| jtekt | pc10p-dp-io_firmware | 𝑥 < 1.50 |
| jtekt | plus_bus-ex_firmware | 𝑥 < 2.13 |
| jtekt | nano_10gx_firmware | 𝑥 < 3.00 |
| jtekt | nano_2et_firmware | 𝑥 < 2.40 |
| jtekt | pc10pe_firmware | 𝑥 < 1.02 |
| jtekt | pc10pe-16\/16p_firmware | 𝑥 < 1.02 |
| jtekt | pc10e_firmware | 𝑥 < 1.02 |
| jtekt | pc10b_firmware | 𝑥 < 1.11 |
| jtekt | pc10b-p_firmware | 𝑥 < 1.11 |
| jtekt | nano_cpu_firmware | 𝑥 < 2.08 |
| jtekt | pc10p_firmware | 𝑥 < 1.05 |
| jtekt | pc10ge_firmware | 𝑥 < 1.04 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.