9.8

CVE-2022-29958

EPSS 0.12%
Veröffentlicht 26.07.2022 22:15:10
Zuletzt bearbeitet 21.11.2024 07:00:03
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory address and a blob of machine code. The logic that is downloaded to the PLC is not cryptographically authenticated, allowing an attacker to execute arbitrary machine code on the PLC's CPU module in the context of the runtime. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, a processor without MPU or MMU is used and this no memory protection or privilege-separation capabilities are available, giving an attacker full control over the CPU.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jtekt ≫ Pc10g-cpu Tcc-6353 Firmware Version-

Jtekt ≫ Pc10g-cpu Tcc-6353 Version-

Jtekt ≫ Pc10ge Tcc-6464 Firmware Version-

Jtekt ≫ Pc10ge Tcc-6464 Version-

Jtekt ≫ Pc10p Tcc-6372 Firmware Version-

Jtekt ≫ Pc10p Tcc-6372 Version-

Jtekt ≫ Pc10p-dp Tcc-6726 Firmware Version-

Jtekt ≫ Pc10p-dp Tcc-6726 Version-

Jtekt ≫ Pc10p-dp-io Tcc-6752 Firmware Version-

Jtekt ≫ Pc10p-dp-io Tcc-6752 Version-

Jtekt ≫ Pc10b-p Tcc-6373 Firmware Version-

Jtekt ≫ Pc10b-p Tcc-6373 Version-

Jtekt ≫ Pc10b Tcc-1021 Firmware Version-

Jtekt ≫ Pc10b Tcc-1021 Version-

Jtekt ≫ Pc10e Tcc-4737 Firmware Version-

Jtekt ≫ Pc10e Tcc-4737 Version-

Jtekt ≫ Pc10el Tcc-4747 Firmware Version-

Jtekt ≫ Pc10el Tcc-4747 Version-

Jtekt ≫ Plus Cpu Tcc-6740 Firmware Version-

Jtekt ≫ Plus Cpu Tcc-6740 Version-

Jtekt ≫ Pc3jx Tcc-6901 Firmware Version-

Jtekt ≫ Pc3jx Tcc-6901 Version-

Jtekt ≫ Pc3jx-d Tcc-6902 Firmware Version-

Jtekt ≫ Pc3jx-d Tcc-6902 Version-

Jtekt ≫ Pc10pe Tcc-1101 Firmware Version-

Jtekt ≫ Pc10pe Tcc-1101 Version-

Jtekt ≫ Pc10pe-1616p Tcc-1102 Firmware Version-

Jtekt ≫ Pc10pe-1616p Tcc-1102 Version-

Jtekt ≫ Pcdl Tkc-6688 Firmware Version-

Jtekt ≫ Pcdl Tkc-6688 Version-

Jtekt ≫ Nano 10gx Tuc-1157 Firmware Version-

Jtekt ≫ Nano 10gx Tuc-1157 Version-

Jtekt ≫ Nano Cpu Tuc-6941 Firmware Version-

Jtekt ≫ Nano Cpu Tuc-6941 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.322

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02

Third Party Advisory

US Government Resource

https://www.forescout.com/blog/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-29958

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-29958

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-29958

EUVD