CVE-2022-29951 — CRITICAL (9.1)

Vulnerability Description

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Jtekt	Pc10G-Cpu Tcc-6353 Firmware	-
Jtekt	Pc10G-Cpu Tcc-6353	-
Jtekt	Pc10Ge Tcc-6464 Firmware	-
Jtekt	Pc10Ge Tcc-6464	-
Jtekt	Pc10P Tcc-6372 Firmware	-
Jtekt	Pc10P Tcc-6372	-
Jtekt	Pc10P-Dp Tcc-6726 Firmware	-
Jtekt	Pc10P-Dp Tcc-6726	-
Jtekt	Pc10P-Dp-Io Tcc-6752 Firmware	-
Jtekt	Pc10P-Dp-Io Tcc-6752	-
Jtekt	Pc10B-P Tcc-6373 Firmware	-
Jtekt	Pc10B-P Tcc-6373	-
Jtekt	Pc10B Tcc-1021 Firmware	-
Jtekt	Pc10B Tcc-1021	-
Jtekt	Pc10E Tcc-4737 Firmware	-
Jtekt	Pc10E Tcc-4737	-
Jtekt	Pc10El Tcc-4747 Firmware	-
Jtekt	Pc10El Tcc-4747	-
Jtekt	Plus Cpu Tcc-6740 Firmware	-
Jtekt	Plus Cpu Tcc-6740	-

Related Weaknesses (CWE)

CWE-306

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02MitigationThird Party AdvisoryUS Government Resource
https://www.forescout.com/blog/Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02MitigationThird Party AdvisoryUS Government Resource
https://www.forescout.com/blog/Third Party Advisory

FAQ

What is CVE-2022-29951?

CVE-2022-29951 is a vulnerability with a CVSS score of 9.1 (CRITICAL). JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes...

How severe is CVE-2022-29951?

CVE-2022-29951 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-29951?

Check the references section above for vendor advisories and patch information. Affected products include: Jtekt Pc10G-Cpu Tcc-6353 Firmware, Jtekt Pc10G-Cpu Tcc-6353, Jtekt Pc10Ge Tcc-6464 Firmware, Jtekt Pc10Ge Tcc-6464, Jtekt Pc10P Tcc-6372 Firmware.