CVE-2021-27458 — HIGH (7.5)

Vulnerability Description

If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker, Ethernet communications cannot be established with other devices, depending on the settings of the link parameters.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Jtekt	Pc10G-Cpu Tcc-6353 Firmware	All versions
Jtekt	Pc10G-Cpu Tcc-6353	-
Jtekt	Pc10Ge Tcc-6464 Firmware	All versions
Jtekt	Pc10Ge Tcc-6464	-
Jtekt	Pc10P Tcc-6372 Firmware	All versions
Jtekt	Pc10P Tcc-6372	-
Jtekt	Pc10P-Dp Tcc-6726 Firmware	All versions
Jtekt	Pc10P-Dp Tcc-6726	-
Jtekt	Pc10P-Dp-Io Tcc-6752 Firmware	All versions
Jtekt	Pc10P-Dp-Io Tcc-6752	-
Jtekt	Pc10B-P Tcc-6373 Firmware	All versions
Jtekt	Pc10B-P Tcc-6373	-
Jtekt	Pc10B Tcc-1021 Firmware	All versions
Jtekt	Pc10B Tcc-1021	-
Jtekt	Pc10B-E\/C Tcu-6521 Firmware	All versions
Jtekt	Pc10B-E\/C Tcu-6521	-
Jtekt	Pc10E Tcc-4737 Firmware	All versions
Jtekt	Pc10E Tcc-4737	-
Jtekt	Plus Cpu Tcc-6740 Firmware	All versions
Jtekt	Plus Cpu Tcc-6740	-

Related Weaknesses (CWE)

CWE-404

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-03Third Party AdvisoryUS Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-03Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2021-27458?

CVE-2021-27458 is a vulnerability with a CVSS score of 7.5 (HIGH). If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP...

How severe is CVE-2021-27458?

CVE-2021-27458 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-27458?

Check the references section above for vendor advisories and patch information. Affected products include: Jtekt Pc10G-Cpu Tcc-6353 Firmware, Jtekt Pc10G-Cpu Tcc-6353, Jtekt Pc10Ge Tcc-6464 Firmware, Jtekt Pc10Ge Tcc-6464, Jtekt Pc10P Tcc-6372 Firmware.