CVE-2021-27458

moderate-risk

Published 2021-04-19

If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker, Ethernet communications cannot be established with other devices, depending on the settings of the link parameters.

Do I need to act?

0.26% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (18)

Pc10G-Cpu Tcc-6353 Firmware

Pc10Ge Tcc-6464 Firmware

Pc10P Tcc-6372 Firmware

Pc10P-Dp Tcc-6726 Firmware

Pc10P-Dp-Io Tcc-6752 Firmware

Pc10B-P Tcc-6373 Firmware

Pc10B Tcc-1021 Firmware

Pc10B-E\/C Tcu-6521 Firmware

Pc10E Tcc-4737 Firmware

Plus Cpu Tcc-6740 Firmware

Plus Ex Tcu-6741 Firmware

Plus Ex2 Tcu-6858 Firmware

Plus Efr Tcu-6743 Firmware

Plus Efr2 Tcu-6859 Firmware

Plus 2P-Efr Tcu-6929 Firmware

Plus Bus-Ex Tcu-6900 Firmware

Fl\/Et-T-V2H Thu-6289 Firmware

2Port-Efr Thu-6404 Firmware

Affected Vendors

Jtekt

References (2)

Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-21-103-03

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 19/34 · Moderate