2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2022-29951" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2022-07-26T22:15:10.800" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T07:00:02.900" ,
2024-10-28 03:03:22 +00:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality."
} ,
{
"lang" : "es" ,
"value" : "JTEKT TOYOPUC PLC versiones hasta 29-04-2022, manejan inapropiadamente la autenticaci\u00f3n. Usan el protocolo CMPLink/TCP (configurable en los puertos 1024-65534 en TCP o UDP) para una amplia variedad de prop\u00f3sitos de ingenier\u00eda tales como el arranque y la parada del PLC, la descarga y la carga de proyectos, y el cambio de los ajustes de configuraci\u00f3n. Este protocolo no presenta ninguna caracter\u00edstica de autenticaci\u00f3n, permitiendo a cualquier atacante capaz de comunicarse con el puerto en cuesti\u00f3n para invocar (un subconjunto de) la funcionalidad deseada."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 9.1 ,
"baseSeverity" : "CRITICAL" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 5.2
2024-10-28 03:03:22 +00:00
} ,
{
"source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 9.1 ,
"baseSeverity" : "CRITICAL" ,
2024-10-28 03:03:22 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2024-10-28 03:03:22 +00:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 5.2
2023-04-24 12:24:31 +02:00
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-306"
}
]
2024-10-28 03:03:22 +00:00
} ,
{
"source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-306"
}
]
2023-04-24 12:24:31 +02:00
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:pc10g-cpu_tcc-6353_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C91AC65C-2D29-4BA0-911F-4D42E1A1AE28"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:pc10g-cpu_tcc-6353:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F04AF876-5E55-4C88-838B-DD5DDD1552C6"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:pc10ge_tcc-6464_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3543E5E2-52C9-4E2F-96E4-7BBFA045EDB4"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:pc10ge_tcc-6464:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "87DF2EE4-5E67-44A6-9AB7-FB410969EDBE"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:pc10p_tcc-6372_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5F6123E0-C964-4FE6-AC2C-9A2EA140F375"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:pc10p_tcc-6372:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "672B6DD3-C648-407A-B6D8-19873AD06C44"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:pc10p-dp_tcc-6726_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "04C94CA5-3C3E-4A77-A96E-EA2324DEA789"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:pc10p-dp_tcc-6726:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D1EC7789-88A6-4243-A889-113B42A0BF39"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:pc10p-dp-io_tcc-6752_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B70B908D-5B10-4C45-8A40-5338728C3451"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:pc10p-dp-io_tcc-6752:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "00B5D860-D3F8-4A19-8E4D-B2178D446D59"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:pc10b-p_tcc-6373_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C372FDBF-B215-4D28-BB28-3269626DDC1D"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:pc10b-p_tcc-6373:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5C51F492-AF58-4800-A2D1-2D20E92F59FE"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:pc10b_tcc-1021_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F596DCEE-EC95-4863-87EE-6A5C407D3DD3"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:pc10b_tcc-1021:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D6E44DDD-B13A-4947-9307-0210F0AC09D9"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:pc10e_tcc-4737_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AD7AED0D-0D07-49EB-B806-AF51DFEAA497"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:pc10e_tcc-4737:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A19D9485-3144-493D-8E55-CD364A3D6DEE"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:pc10el_tcc-4747_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2B17FC3A-69F5-4A5E-AB26-15F52A15E6D0"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:pc10el_tcc-4747:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "552E34B1-3FD7-4F47-B909-CA4E509073D5"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:plus_cpu_tcc-6740_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "362C80D6-2CBD-4A02-850B-2A3B3548F7C7"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:plus_cpu_tcc-6740:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BA42608E-EDD1-47D0-8A0A-8DCC2D0B31D8"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:pc3jx_tcc-6901_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DA78F4E1-1AA9-4BBD-A17A-578C19F3635C"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:pc3jx_tcc-6901:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CE7900A0-9C1D-46AC-9D40-78B81CF3D7BD"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:pc3jx-d_tcc-6902_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "658BA125-ED0B-4758-A604-4C34B2668803"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:pc3jx-d_tcc-6902:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2F079579-CB80-40EC-ABA7-9405C7820E16"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:pc10pe_tcc-1101_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8BA4A9C9-D2FC-4CD6-8CB1-90A2E8404AA4"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:pc10pe_tcc-1101:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "26B11C50-D100-4750-9B11-6E04B00D1B09"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:pc10pe-1616p_tcc-1102_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C94F4BFE-A694-4D3B-8C48-8D8BFCF6AB59"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:pc10pe-1616p_tcc-1102:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9FF8AE6D-9D67-4505-AB49-6E1A78C747B9"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:pcdl_tkc-6688_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F6FDAC7E-289F-468F-9375-4C0973BF8D36"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:pcdl_tkc-6688:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "70FC561D-0382-4846-8F86-2A29FDCF7110"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:nano_10gx_tuc-1157_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B52E2909-CD1A-4831-A58D-6C6FB4800B1F"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:nano_10gx_tuc-1157:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "20320E55-A6F8-41F1-AD3F-617A63F938D7"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:jtekt:nano_cpu_tuc-6941_firmware:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FC74D2CD-13DB-4BF2-8C8D-6871507C66F7"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:jtekt:nano_cpu_tuc-6941:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A82E890C-7D4B-469E-AAE3-0875AF8C5599"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Mitigation" ,
"Third Party Advisory" ,
"US Government Resource"
]
} ,
{
"url" : "https://www.forescout.com/blog/" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mitigation" ,
"Third Party Advisory" ,
"US Government Resource"
]
} ,
{
"url" : "https://www.forescout.com/blog/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
