CVE-2021-27477

moderate-risk
Published 2021-07-01

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET, PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B, PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame, the area outside the FL-net receive buffer is overwritten. As a result, the PLC CPU detects a system error, and the affected products stop.

Do I need to act?

0.23% chance of exploitation
EPSS score — low exploit probability

Not on CISA KEV list
No confirmed active exploitation reported to CISA

Patch status unknown
Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

PC10G-CPU Firmware
2PORT-EFR Firmware
Plus CPU Firmware
Plus EX Firmware
Plus EX2 Firmware
Plus EFR Firmware
Plus EFR2 Firmware
Plus 2P-EFR Firmware
PC10P-DP Firmware
PC10P-DP-IO Firmware
Plus BUS-EX Firmware
Nano 10GX Firmware
Nano 2ET Firmware
PC10PE Firmware
PC10PE-16/16P Firmware
PC10E Firmware
FL/ET-T-V2H Firmware
PC10B Firmware
PC10B-P Firmware
Nano CPU Firmware

47 / 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 20/34 · Moderate