CVE-2022-29951
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.
JTEKT TOYOPUC PLC versiones hasta 29-04-2022, manejan inapropiadamente la autenticación. Usan el protocolo CMPLink/TCP (configurable en los puertos 1024-65534 en TCP o UDP) para una amplia variedad de propósitos de ingeniería tales como el arranque y la parada del PLC, la descarga y la carga de proyectos, y el cambio de los ajustes de configuración. Este protocolo no presenta ninguna característica de autenticación, permitiendo a cualquier atacante capaz de comunicarse con el puerto en cuestión para invocar (un subconjunto de) la funcionalidad deseada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-04-29 CVE Reserved
- 2022-07-26 CVE Published
- 2024-02-16 EPSS Updated
- 2024-10-27 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02 | Mitigation | |
| https://www.forescout.com/blog | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Jtekt Search vendor "Jtekt" | Pc10g-cpu Tcc-6353 Firmware Search vendor "Jtekt" for product "Pc10g-cpu Tcc-6353 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10g-cpu Tcc-6353 Search vendor "Jtekt" for product "Pc10g-cpu Tcc-6353" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10ge Tcc-6464 Firmware Search vendor "Jtekt" for product "Pc10ge Tcc-6464 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10ge Tcc-6464 Search vendor "Jtekt" for product "Pc10ge Tcc-6464" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10p Tcc-6372 Firmware Search vendor "Jtekt" for product "Pc10p Tcc-6372 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10p Tcc-6372 Search vendor "Jtekt" for product "Pc10p Tcc-6372" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10p-dp Tcc-6726 Firmware Search vendor "Jtekt" for product "Pc10p-dp Tcc-6726 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10p-dp Tcc-6726 Search vendor "Jtekt" for product "Pc10p-dp Tcc-6726" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10p-dp-io Tcc-6752 Firmware Search vendor "Jtekt" for product "Pc10p-dp-io Tcc-6752 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10p-dp-io Tcc-6752 Search vendor "Jtekt" for product "Pc10p-dp-io Tcc-6752" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10b-p Tcc-6373 Firmware Search vendor "Jtekt" for product "Pc10b-p Tcc-6373 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10b-p Tcc-6373 Search vendor "Jtekt" for product "Pc10b-p Tcc-6373" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10b Tcc-1021 Firmware Search vendor "Jtekt" for product "Pc10b Tcc-1021 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10b Tcc-1021 Search vendor "Jtekt" for product "Pc10b Tcc-1021" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10e Tcc-4737 Firmware Search vendor "Jtekt" for product "Pc10e Tcc-4737 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10e Tcc-4737 Search vendor "Jtekt" for product "Pc10e Tcc-4737" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10el Tcc-4747 Firmware Search vendor "Jtekt" for product "Pc10el Tcc-4747 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10el Tcc-4747 Search vendor "Jtekt" for product "Pc10el Tcc-4747" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Plus Cpu Tcc-6740 Firmware Search vendor "Jtekt" for product "Plus Cpu Tcc-6740 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Plus Cpu Tcc-6740 Search vendor "Jtekt" for product "Plus Cpu Tcc-6740" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc3jx Tcc-6901 Firmware Search vendor "Jtekt" for product "Pc3jx Tcc-6901 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc3jx Tcc-6901 Search vendor "Jtekt" for product "Pc3jx Tcc-6901" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc3jx-d Tcc-6902 Firmware Search vendor "Jtekt" for product "Pc3jx-d Tcc-6902 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc3jx-d Tcc-6902 Search vendor "Jtekt" for product "Pc3jx-d Tcc-6902" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10pe Tcc-1101 Firmware Search vendor "Jtekt" for product "Pc10pe Tcc-1101 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10pe Tcc-1101 Search vendor "Jtekt" for product "Pc10pe Tcc-1101" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10pe-1616p Tcc-1102 Firmware Search vendor "Jtekt" for product "Pc10pe-1616p Tcc-1102 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10pe-1616p Tcc-1102 Search vendor "Jtekt" for product "Pc10pe-1616p Tcc-1102" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pcdl Tkc-6688 Firmware Search vendor "Jtekt" for product "Pcdl Tkc-6688 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pcdl Tkc-6688 Search vendor "Jtekt" for product "Pcdl Tkc-6688" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Nano 10gx Tuc-1157 Firmware Search vendor "Jtekt" for product "Nano 10gx Tuc-1157 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Nano 10gx Tuc-1157 Search vendor "Jtekt" for product "Nano 10gx Tuc-1157" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Nano Cpu Tuc-6941 Firmware Search vendor "Jtekt" for product "Nano Cpu Tuc-6941 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Nano Cpu Tuc-6941 Search vendor "Jtekt" for product "Nano Cpu Tuc-6941" | - | - |
Safe
|