CVE-2022-29951

high-risk

Published 2022-07-26

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.

Do I need to act?

0.34% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.1/10 Critical

NETWORK / LOW complexity

Affected Products (17)

Pc10G-Cpu Tcc-6353 Firmware

Pc10Ge Tcc-6464 Firmware

Pc10P Tcc-6372 Firmware

Pc10P-Dp Tcc-6726 Firmware

Pc10P-Dp-Io Tcc-6752 Firmware

Pc10B-P Tcc-6373 Firmware

Pc10B Tcc-1021 Firmware

Pc10E Tcc-4737 Firmware

Pc10El Tcc-4747 Firmware

Plus Cpu Tcc-6740 Firmware

Pc3Jx Tcc-6901 Firmware

Pc3Jx-D Tcc-6902 Firmware

Pc10Pe Tcc-1101 Firmware

Pc10Pe-1616P Tcc-1102 Firmware

Pcdl Tkc-6688 Firmware

Nano 10Gx Tuc-1157 Firmware

Nano Cpu Tuc-6941 Firmware

Affected Vendors

Jtekt

References (4)

Mitigation https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02

Third Party Advisory https://www.forescout.com/blog/

Mitigation https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02

Third Party Advisory https://www.forescout.com/blog/

/ 100

high-risk

Severity 31/34 · Critical

Exploitability 1/34 · Minimal

Exposure 19/34 · Moderate