CVE-2022-29951
Summary
| CVE | CVE-2022-29951 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-07-26 22:15:00 UTC |
| Updated | 2022-08-02 19:49:00 UTC |
| Description | JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality. |
Risk And Classification
Problem Types: CWE-306
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Jtekt | Nano 10gx Tuc-1157 | - | All | All | All |
| Operating System | Jtekt | Nano 10gx Tuc-1157 Firmware | - | All | All | All |
| Hardware | Jtekt | Nano Cpu Tuc-6941 | - | All | All | All |
| Operating System | Jtekt | Nano Cpu Tuc-6941 Firmware | - | All | All | All |
| Hardware | Jtekt | Pc10b-p Tcc-6373 | - | All | All | All |
| Operating System | Jtekt | Pc10b-p Tcc-6373 Firmware | - | All | All | All |
| Hardware | Jtekt | Pc10b Tcc-1021 | - | All | All | All |
| Operating System | Jtekt | Pc10b Tcc-1021 Firmware | - | All | All | All |
| Hardware | Jtekt | Pc10el Tcc-4747 | - | All | All | All |
| Operating System | Jtekt | Pc10el Tcc-4747 Firmware | - | All | All | All |
| Hardware | Jtekt | Pc10e Tcc-4737 | - | All | All | All |
| Operating System | Jtekt | Pc10e Tcc-4737 Firmware | - | All | All | All |
| Hardware | Jtekt | Pc10g-cpu Tcc-6353 | - | All | All | All |
| Operating System | Jtekt | Pc10g-cpu Tcc-6353 Firmware | - | All | All | All |
| Hardware | Jtekt | Pc10ge Tcc-6464 | - | All | All | All |
| Operating System | Jtekt | Pc10ge Tcc-6464 Firmware | - | All | All | All |
| Hardware | Jtekt | Pc10p-dp-io Tcc-6752 | - | All | All | All |
| Operating System | Jtekt | Pc10p-dp-io Tcc-6752 Firmware | - | All | All | All |
| Hardware | Jtekt | Pc10p-dp Tcc-6726 | - | All | All | All |
| Operating System | Jtekt | Pc10p-dp Tcc-6726 Firmware | - | All | All | All |
| Hardware | Jtekt | Pc10pe-1616p Tcc-1102 | - | All | All | All |
| Operating System | Jtekt | Pc10pe-1616p Tcc-1102 Firmware | - | All | All | All |
| Hardware | Jtekt | Pc10pe Tcc-1101 | - | All | All | All |
| Operating System | Jtekt | Pc10pe Tcc-1101 Firmware | - | All | All | All |
| Hardware | Jtekt | Pc10p Tcc-6372 | - | All | All | All |
| Operating System | Jtekt | Pc10p Tcc-6372 Firmware | - | All | All | All |
| Hardware | Jtekt | Pc3jx-d Tcc-6902 | - | All | All | All |
| Operating System | Jtekt | Pc3jx-d Tcc-6902 Firmware | - | All | All | All |
| Hardware | Jtekt | Pc3jx Tcc-6901 | - | All | All | All |
| Operating System | Jtekt | Pc3jx Tcc-6901 Firmware | - | All | All | All |
| Hardware | Jtekt | Pcdl Tkc-6688 | - | All | All | All |
| Operating System | Jtekt | Pcdl Tkc-6688 Firmware | - | All | All | All |
| Hardware | Jtekt | Plus Cpu Tcc-6740 | - | All | All | All |
| Operating System | Jtekt | Plus Cpu Tcc-6740 Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| JTEKT TOYOPUC \| CISA | MISC | www.cisa.gov | |
| Blog - Forescout | MISC | www.forescout.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590955 JTEKT TOYOPUC Multiple Vulnerabilities (ICSA-22-172-02)