CVE-2022-29951

26.07.2022, 22:15

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
jtekt	pc10g-cpu_tcc-6353_firmware	-
jtekt	pc10ge_tcc-6464_firmware	-
jtekt	pc10p_tcc-6372_firmware	-
jtekt	pc10p-dp_tcc-6726_firmware	-
jtekt	pc10p-dp-io_tcc-6752_firmware	-
jtekt	pc10b-p_tcc-6373_firmware	-
jtekt	pc10b_tcc-1021_firmware	-
jtekt	pc10e_tcc-4737_firmware	-
jtekt	pc10el_tcc-4747_firmware	-
jtekt	plus_cpu_tcc-6740_firmware	-
jtekt	pc3jx_tcc-6901_firmware	-
jtekt	pc3jx-d_tcc-6902_firmware	-
jtekt	pc10pe_tcc-1101_firmware	-
jtekt	pc10pe-1616p_tcc-1102_firmware	-
jtekt	pcdl_tkc-6688_firmware	-
jtekt	nano_10gx_tuc-1157_firmware	-
jtekt	nano_cpu_tuc-6941_firmware	-

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
jtekt	pc10g-cpu_tcc-6353_firmware	𝑥 < *	ADP

Common Weakness Enumeration

CWE-306 - Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02

https://www.forescout.com/blog/

https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02

https://www.forescout.com/blog/