JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory address and a blob of machine code. The logic that is downloaded to the PLC is not cryptographically authenticated, allowing an attacker to execute arbitrary machine code on the PLC's CPU module in the context of the runtime. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, a processor without MPU or MMU is used and this no memory protection or privilege-separation capabilities are available, giving an attacker full control over the CPU.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Jtekt
  • Pcdl Tkc-6688
  • Pc10el Tcc-4747
  • Nano 10gx Tuc-1157 Firmware
  • Nano Cpu Tuc-6941
  • Pc10p-dp Tcc-6726
  • Pcdl Tkc-6688 Firmware
  • Pc10b Tcc-1021
  • Pc10p-dp Tcc-6726 Firmware
  • Pc10e Tcc-4737
  • Pc3jx Tcc-6901 Firmware
  • Pc10b-p Tcc-6373
  • Pc3jx-d Tcc-6902 Firmware
  • Pc10p Tcc-6372
  • Pc10ge Tcc-6464
  • Pc10pe-1616p Tcc-1102 Firmware
  • Pc10pe Tcc-1101
  • Plus Cpu Tcc-6740 Firmware
  • Pc10ge Tcc-6464 Firmware
  • Pc10p-dp-io Tcc-6752
  • Pc10e Tcc-4737 Firmware
  • Pc3jx-d Tcc-6902
  • Nano 10gx Tuc-1157
  • Plus Cpu Tcc-6740
  • Pc10p Tcc-6372 Firmware
  • Pc10b Tcc-1021 Firmware
  • Pc10b-p Tcc-6373 Firmware
  • Pc10el Tcc-4747 Firmware
  • Nano Cpu Tuc-6941 Firmware
  • Pc10g-cpu Tcc-6353
  • Pc10g-cpu Tcc-6353 Firmware
  • Pc3jx Tcc-6901
  • Pc10pe-1616p Tcc-1102
  • Pc10p-dp-io Tcc-6752 Firmware
  • Pc10pe Tcc-1101 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:jtekt:pc10g-cpu_tcc-6353_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10g-cpu_tcc-6353:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:jtekt:pc10ge_tcc-6464_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10ge_tcc-6464:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:jtekt:pc10p_tcc-6372_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10p_tcc-6372:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:jtekt:pc10p-dp_tcc-6726_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10p-dp_tcc-6726:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:jtekt:pc10p-dp-io_tcc-6752_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10p-dp-io_tcc-6752:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:jtekt:pc10b-p_tcc-6373_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10b-p_tcc-6373:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:jtekt:pc10b_tcc-1021_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10b_tcc-1021:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:jtekt:pc10e_tcc-4737_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10e_tcc-4737:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:jtekt:pc10el_tcc-4747_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10el_tcc-4747:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:jtekt:plus_cpu_tcc-6740_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:plus_cpu_tcc-6740:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:jtekt:pc3jx_tcc-6901_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc3jx_tcc-6901:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:jtekt:pc3jx-d_tcc-6902_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc3jx-d_tcc-6902:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:jtekt:pc10pe_tcc-1101_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10pe_tcc-1101:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:jtekt:pc10pe-1616p_tcc-1102_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pc10pe-1616p_tcc-1102:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:jtekt:pcdl_tkc-6688_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:pcdl_tkc-6688:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:jtekt:nano_10gx_tuc-1157_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:nano_10gx_tuc-1157:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:jtekt:nano_cpu_tuc-6941_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtekt:nano_cpu_tuc-6941:-:*:*:*:*:*:*:*
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02 Third Party Advisory US Government Resource
https://www.forescout.com/blog/ Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-07-26T21:04:34

Updated: 2022-07-26T21:04:34

Reserved: 2022-04-29T00:00:00

Link: CVE-2022-29958

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2022-07-26T22:15:10.963

Modified: 2022-08-03T13:13:49.190

Link: CVE-2022-29958

JSON object: View

cve-icon Redhat Information

No data.

CWE