CVE-2022-29951

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.
References
Link Resource
https://www.forescout.com/blog/ Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02 Mitigation Third Party Advisory US Government Resource
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:jtekt:pc10g-cpu_tcc-6353_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10g-cpu_tcc-6353:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:jtekt:pc10ge_tcc-6464_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10ge_tcc-6464:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:jtekt:pc10p_tcc-6372_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10p_tcc-6372:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:jtekt:pc10p-dp_tcc-6726_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10p-dp_tcc-6726:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:jtekt:pc10p-dp-io_tcc-6752_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10p-dp-io_tcc-6752:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:jtekt:pc10b-p_tcc-6373_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10b-p_tcc-6373:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:jtekt:pc10b_tcc-1021_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10b_tcc-1021:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:jtekt:pc10e_tcc-4737_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10e_tcc-4737:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:jtekt:pc10el_tcc-4747_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10el_tcc-4747:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:jtekt:plus_cpu_tcc-6740_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:plus_cpu_tcc-6740:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:jtekt:pc3jx_tcc-6901_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc3jx_tcc-6901:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:jtekt:pc3jx-d_tcc-6902_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc3jx-d_tcc-6902:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:jtekt:pc10pe_tcc-1101_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10pe_tcc-1101:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:jtekt:pc10pe-1616p_tcc-1102_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10pe-1616p_tcc-1102:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:jtekt:pcdl_tkc-6688_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pcdl_tkc-6688:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:jtekt:nano_10gx_tuc-1157_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:nano_10gx_tuc-1157:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:jtekt:nano_cpu_tuc-6941_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:nano_cpu_tuc-6941:-:*:*:*:*:*:*:*

Information

Published : 2022-07-26 15:15

Updated : 2022-08-02 12:49


NVD link : CVE-2022-29951

Mitre link : CVE-2022-29951


JSON object : View

CWE
CWE-306

Missing Authentication for Critical Function

Advertisement

dedicated server usa

Products Affected

jtekt

  • pc10el_tcc-4747
  • pc10p-dp_tcc-6726
  • pcdl_tkc-6688
  • pc10p-dp-io_tcc-6752
  • pc10p-dp-io_tcc-6752_firmware
  • pc3jx_tcc-6901_firmware
  • pc10b_tcc-1021
  • pc10pe-1616p_tcc-1102_firmware
  • pc10ge_tcc-6464
  • pc10g-cpu_tcc-6353
  • pc10p_tcc-6372_firmware
  • pc3jx_tcc-6901
  • pc10p-dp_tcc-6726_firmware
  • nano_cpu_tuc-6941
  • pc10pe-1616p_tcc-1102
  • pc10el_tcc-4747_firmware
  • pc10b-p_tcc-6373
  • pc10pe_tcc-1101
  • pc10g-cpu_tcc-6353_firmware
  • pc10b-p_tcc-6373_firmware
  • pc10e_tcc-4737_firmware
  • pc10pe_tcc-1101_firmware
  • nano_cpu_tuc-6941_firmware
  • pc3jx-d_tcc-6902
  • plus_cpu_tcc-6740
  • pc10ge_tcc-6464_firmware
  • pc10e_tcc-4737
  • nano_10gx_tuc-1157
  • pc10b_tcc-1021_firmware
  • plus_cpu_tcc-6740_firmware
  • nano_10gx_tuc-1157_firmware
  • pcdl_tkc-6688_firmware
  • pc10p_tcc-6372
  • pc3jx-d_tcc-6902_firmware