9.1
CVE-2022-29951
- EPSS 0.34%
- Published 26.07.2022 22:15:10
- Last modified 21.11.2024 07:00:02
- Source cve@mitre.org
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.
Data provided by the National Vulnerability Database (NVD)
Jtekt ≫ Pc10g-cpu Tcc-6353 Firmware Version-
Jtekt ≫ Pc10ge Tcc-6464 Firmware Version-
Jtekt ≫ Pc10p Tcc-6372 Firmware Version-
Jtekt ≫ Pc10p-dp Tcc-6726 Firmware Version-
Jtekt ≫ Pc10p-dp-io Tcc-6752 Firmware Version-
Jtekt ≫ Pc10b-p Tcc-6373 Firmware Version-
Jtekt ≫ Pc10b Tcc-1021 Firmware Version-
Jtekt ≫ Pc10e Tcc-4737 Firmware Version-
Jtekt ≫ Pc10el Tcc-4747 Firmware Version-
Jtekt ≫ Plus Cpu Tcc-6740 Firmware Version-
Jtekt ≫ Pc3jx Tcc-6901 Firmware Version-
Jtekt ≫ Pc3jx-d Tcc-6902 Firmware Version-
Jtekt ≫ Pc10pe Tcc-1101 Firmware Version-
Jtekt ≫ Pc10pe-1616p Tcc-1102 Firmware Version-
Jtekt ≫ Pcdl Tkc-6688 Firmware Version-
Jtekt ≫ Nano 10gx Tuc-1157 Firmware Version-
Jtekt ≫ Nano Cpu Tuc-6941 Firmware Version-
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.563 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.1 | 3.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.