7.8

CVE-2021-27477

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame, the outside area of a receive buffer for FL-net are overwritten. As a result, the PLC CPU detects a system error, and the affected products stop.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JtektPc10g-cpu Firmware Version < 3.91
   JtektPc10g-cpu Version-
Jtekt2port-efr Firmware Version < 1.50
   Jtekt2port-efr Version-
JtektPlus Cpu Firmware Version < 3.11
   JtektPlus Cpu Version-
JtektPlus Ex Firmware Version < 3.11
   JtektPlus Ex Version-
JtektPlus Ex2 Firmware Version < 3.11
   JtektPlus Ex2 Version-
JtektPlus Efr Firmware Version < 3.11
   JtektPlus Efr Version-
JtektPlus Efr2 Firmware Version < 3.11
   JtektPlus Efr2 Version-
JtektPlus 2p-efr Firmware Version < 3.11
   JtektPlus 2p-efr Version-
JtektPc10p-dp Firmware Version < 1.50
   JtektPc10p-dp Version-
JtektPc10p-dp-io Firmware Version < 1.50
   JtektPc10p-dp-io Version-
JtektPlus Bus-ex Firmware Version < 2.13
   JtektPlus Bus-ex Version-
JtektNano 10gx Firmware Version < 3.00
   JtektNano 10gx Version-
JtektNano 2et Firmware Version < 2.40
   JtektNano 2et Version-
JtektPc10pe Firmware Version < 1.02
   JtektPc10pe Version-
JtektPc10pe-16/16p Firmware Version < 1.02
   JtektPc10pe-16/16p Version-
JtektPc10e Firmware Version < 1.02
   JtektPc10e Version-
JtektFl/et-t-v2h Firmware Version < f2.8_e1.5
   JtektFl/et-t-v2h Version-
JtektPc10b Firmware Version < 1.11
   JtektPc10b Version-
JtektPc10b-p Firmware Version < 1.11
   JtektPc10b-p Version-
JtektNano Cpu Firmware Version < 2.08
   JtektNano Cpu Version-
JtektPc10p Firmware Version < 1.05
   JtektPc10p Version-
JtektPc10ge Firmware Version < 1.04
   JtektPc10ge Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.462
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://us-cert.cisa.gov/ics/advisories/icsa-21-180-04
Third Party Advisory
US Government Resource