{ "id": "CVE-2022-29951", "sourceIdentifier": "cve@mitre.org", "published": "2022-07-26T22:15:10.800", "lastModified": "2024-11-21T07:00:02.900", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality." }, { "lang": "es", "value": "Los PLC JTEKT TOYOPUC, en versiones hasta el 29-04-2022, manejan inapropiadamente la autenticaci\u00f3n. Usan el protocolo CMPLink/TCP (configurable en los puertos 1024-65534 en TCP o UDP) para una amplia variedad de prop\u00f3sitos de ingenier\u00eda tales como el arranque y la parada del PLC, la descarga y la carga de proyectos, y el cambio de los ajustes de configuraci\u00f3n. Este protocolo no presenta ninguna caracter\u00edstica de autenticaci\u00f3n, lo que permite a cualquier atacante capaz de comunicarse con el puerto en cuesti\u00f3n invocar (un subconjunto de) la funcionalidad deseada." 
} ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.2 }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.2 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-306" } ] }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-306" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:pc10g-cpu_tcc-6353_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C91AC65C-2D29-4BA0-911F-4D42E1A1AE28" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:pc10g-cpu_tcc-6353:-:*:*:*:*:*:*:*", "matchCriteriaId": "F04AF876-5E55-4C88-838B-DD5DDD1552C6" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:pc10ge_tcc-6464_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3543E5E2-52C9-4E2F-96E4-7BBFA045EDB4" } ] }, { "operator": "OR", "negate": 
false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:pc10ge_tcc-6464:-:*:*:*:*:*:*:*", "matchCriteriaId": "87DF2EE4-5E67-44A6-9AB7-FB410969EDBE" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:pc10p_tcc-6372_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F6123E0-C964-4FE6-AC2C-9A2EA140F375" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:pc10p_tcc-6372:-:*:*:*:*:*:*:*", "matchCriteriaId": "672B6DD3-C648-407A-B6D8-19873AD06C44" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:pc10p-dp_tcc-6726_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "04C94CA5-3C3E-4A77-A96E-EA2324DEA789" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:pc10p-dp_tcc-6726:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1EC7789-88A6-4243-A889-113B42A0BF39" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:pc10p-dp-io_tcc-6752_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B70B908D-5B10-4C45-8A40-5338728C3451" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:pc10p-dp-io_tcc-6752:-:*:*:*:*:*:*:*", "matchCriteriaId": "00B5D860-D3F8-4A19-8E4D-B2178D446D59" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:pc10b-p_tcc-6373_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C372FDBF-B215-4D28-BB28-3269626DDC1D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:pc10b-p_tcc-6373:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C51F492-AF58-4800-A2D1-2D20E92F59FE" } ] } ] }, { "operator": 
"AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:pc10b_tcc-1021_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F596DCEE-EC95-4863-87EE-6A5C407D3DD3" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:pc10b_tcc-1021:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6E44DDD-B13A-4947-9307-0210F0AC09D9" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:pc10e_tcc-4737_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7AED0D-0D07-49EB-B806-AF51DFEAA497" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:pc10e_tcc-4737:-:*:*:*:*:*:*:*", "matchCriteriaId": "A19D9485-3144-493D-8E55-CD364A3D6DEE" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:pc10el_tcc-4747_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B17FC3A-69F5-4A5E-AB26-15F52A15E6D0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:pc10el_tcc-4747:-:*:*:*:*:*:*:*", "matchCriteriaId": "552E34B1-3FD7-4F47-B909-CA4E509073D5" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:plus_cpu_tcc-6740_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "362C80D6-2CBD-4A02-850B-2A3B3548F7C7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:plus_cpu_tcc-6740:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA42608E-EDD1-47D0-8A0A-8DCC2D0B31D8" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:pc3jx_tcc-6901_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"DA78F4E1-1AA9-4BBD-A17A-578C19F3635C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:pc3jx_tcc-6901:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE7900A0-9C1D-46AC-9D40-78B81CF3D7BD" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:pc3jx-d_tcc-6902_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "658BA125-ED0B-4758-A604-4C34B2668803" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:pc3jx-d_tcc-6902:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F079579-CB80-40EC-ABA7-9405C7820E16" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:pc10pe_tcc-1101_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BA4A9C9-D2FC-4CD6-8CB1-90A2E8404AA4" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:pc10pe_tcc-1101:-:*:*:*:*:*:*:*", "matchCriteriaId": "26B11C50-D100-4750-9B11-6E04B00D1B09" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:pc10pe-1616p_tcc-1102_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C94F4BFE-A694-4D3B-8C48-8D8BFCF6AB59" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:pc10pe-1616p_tcc-1102:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF8AE6D-9D67-4505-AB49-6E1A78C747B9" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:pcdl_tkc-6688_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F6FDAC7E-289F-468F-9375-4C0973BF8D36" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:pcdl_tkc-6688:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "70FC561D-0382-4846-8F86-2A29FDCF7110" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:nano_10gx_tuc-1157_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B52E2909-CD1A-4831-A58D-6C6FB4800B1F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:nano_10gx_tuc-1157:-:*:*:*:*:*:*:*", "matchCriteriaId": "20320E55-A6F8-41F1-AD3F-617A63F938D7" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:jtekt:nano_cpu_tuc-6941_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC74D2CD-13DB-4BF2-8C8D-6871507C66F7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:jtekt:nano_cpu_tuc-6941:-:*:*:*:*:*:*:*", "matchCriteriaId": "A82E890C-7D4B-469E-AAE3-0875AF8C5599" } ] } ] } ], "references": [ { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02", "source": "cve@mitre.org", "tags": [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url": "https://www.forescout.com/blog/", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url": "https://www.forescout.com/blog/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] } ] }