CVE-2022-29958
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory address and a blob of machine code. The logic that is downloaded to the PLC is not cryptographically authenticated, allowing an attacker to execute arbitrary machine code on the PLC's CPU module in the context of the runtime. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, a processor without MPU or MMU is used and this no memory protection or privilege-separation capabilities are available, giving an attacker full control over the CPU.
JTEKT TOYOPUC PLC versiones hasta 29-04-2022, no aseguran la integridad de los datos. Usan el protocolo CMPLink/TCP no autenticado para fines de ingeniería, incluyendo la descarga de proyectos y lógica de control al PLC. La lógica de control es descargada en el PLC bloque por bloque con una dirección de memoria determinada y un bloque de código de máquina. La lógica que es descargada en el PLC no está autenticada criptográficamente, lo que permite a un atacante ejecutar código máquina arbitrario en el módulo CPU del PLC en el contexto del tiempo de ejecución. En el caso de la PC10G-CPU, y probablemente para otros módulos de CPU de la familia TOYOPUC, Es usado un procesador sin MPU o MMU y esto sin protección de memoria o capacidades de separación de privilegios, dando a un atacante el control total sobre la CPU.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-04-29 CVE Reserved
- 2022-07-26 CVE Published
- 2024-02-16 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-345: Insufficient Verification of Data Authenticity
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02 | Third Party Advisory | |
| https://www.forescout.com/blog | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Jtekt Search vendor "Jtekt" | Pc10g-cpu Tcc-6353 Firmware Search vendor "Jtekt" for product "Pc10g-cpu Tcc-6353 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10g-cpu Tcc-6353 Search vendor "Jtekt" for product "Pc10g-cpu Tcc-6353" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10ge Tcc-6464 Firmware Search vendor "Jtekt" for product "Pc10ge Tcc-6464 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10ge Tcc-6464 Search vendor "Jtekt" for product "Pc10ge Tcc-6464" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10p Tcc-6372 Firmware Search vendor "Jtekt" for product "Pc10p Tcc-6372 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10p Tcc-6372 Search vendor "Jtekt" for product "Pc10p Tcc-6372" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10p-dp Tcc-6726 Firmware Search vendor "Jtekt" for product "Pc10p-dp Tcc-6726 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10p-dp Tcc-6726 Search vendor "Jtekt" for product "Pc10p-dp Tcc-6726" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10p-dp-io Tcc-6752 Firmware Search vendor "Jtekt" for product "Pc10p-dp-io Tcc-6752 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10p-dp-io Tcc-6752 Search vendor "Jtekt" for product "Pc10p-dp-io Tcc-6752" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10b-p Tcc-6373 Firmware Search vendor "Jtekt" for product "Pc10b-p Tcc-6373 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10b-p Tcc-6373 Search vendor "Jtekt" for product "Pc10b-p Tcc-6373" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10b Tcc-1021 Firmware Search vendor "Jtekt" for product "Pc10b Tcc-1021 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10b Tcc-1021 Search vendor "Jtekt" for product "Pc10b Tcc-1021" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10e Tcc-4737 Firmware Search vendor "Jtekt" for product "Pc10e Tcc-4737 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10e Tcc-4737 Search vendor "Jtekt" for product "Pc10e Tcc-4737" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10el Tcc-4747 Firmware Search vendor "Jtekt" for product "Pc10el Tcc-4747 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10el Tcc-4747 Search vendor "Jtekt" for product "Pc10el Tcc-4747" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Plus Cpu Tcc-6740 Firmware Search vendor "Jtekt" for product "Plus Cpu Tcc-6740 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Plus Cpu Tcc-6740 Search vendor "Jtekt" for product "Plus Cpu Tcc-6740" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc3jx Tcc-6901 Firmware Search vendor "Jtekt" for product "Pc3jx Tcc-6901 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc3jx Tcc-6901 Search vendor "Jtekt" for product "Pc3jx Tcc-6901" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc3jx-d Tcc-6902 Firmware Search vendor "Jtekt" for product "Pc3jx-d Tcc-6902 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc3jx-d Tcc-6902 Search vendor "Jtekt" for product "Pc3jx-d Tcc-6902" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10pe Tcc-1101 Firmware Search vendor "Jtekt" for product "Pc10pe Tcc-1101 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10pe Tcc-1101 Search vendor "Jtekt" for product "Pc10pe Tcc-1101" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pc10pe-1616p Tcc-1102 Firmware Search vendor "Jtekt" for product "Pc10pe-1616p Tcc-1102 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pc10pe-1616p Tcc-1102 Search vendor "Jtekt" for product "Pc10pe-1616p Tcc-1102" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Pcdl Tkc-6688 Firmware Search vendor "Jtekt" for product "Pcdl Tkc-6688 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Pcdl Tkc-6688 Search vendor "Jtekt" for product "Pcdl Tkc-6688" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Nano 10gx Tuc-1157 Firmware Search vendor "Jtekt" for product "Nano 10gx Tuc-1157 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Nano 10gx Tuc-1157 Search vendor "Jtekt" for product "Nano 10gx Tuc-1157" | - | - |
Safe
|
| Jtekt Search vendor "Jtekt" | Nano Cpu Tuc-6941 Firmware Search vendor "Jtekt" for product "Nano Cpu Tuc-6941 Firmware" | - | - |
Affected
| in | Jtekt Search vendor "Jtekt" | Nano Cpu Tuc-6941 Search vendor "Jtekt" for product "Nano Cpu Tuc-6941" | - | - |
Safe
|