CVE-2021-27458
CVSS V2 Medium 5
CVSS V3 High 7.5
Description
If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker, Ethernet communications cannot be established with other devices, depending on the settings of the link parameters.
Overview
- CVE ID
- CVE-2021-27458
- Assigner
- ics-cert@hq.dhs.gov
- Vulnerability Status
- Analyzed
- Published Version
- 2021-04-19T22:15:12
- Last Modified Date
- 2021-04-29T15:05:16
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:o:jtekt:pc10g-cpu_tcc-6353_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:pc10g-cpu_tcc-6353:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:pc10ge_tcc-6464_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:pc10ge_tcc-6464:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:pc10p_tcc-6372_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:pc10p_tcc-6372:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:pc10p-dp_tcc-6726_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:pc10p-dp_tcc-6726:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:pc10p-dp-io_tcc-6752_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:pc10p-dp-io_tcc-6752:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:pc10b-p_tcc-6373_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:pc10b-p_tcc-6373:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:pc10b_tcc-1021_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:pc10b_tcc-1021:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:pc10b-e\/c_tcu-6521_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:pc10b-e\/c_tcu-6521:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:pc10e_tcc-4737_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:pc10e_tcc-4737:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:plus_cpu_tcc-6740_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:plus_cpu_tcc-6740:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:plus_ex_tcu-6741_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:plus_ex_tcu-6741:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:plus_ex2_tcu-6858_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:plus_ex2_tcu-6858:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:plus_efr_tcu-6743_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:plus_efr_tcu-6743:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:plus_efr2_tcu-6859_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:plus_efr2_tcu-6859:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:plus_2p-efr_tcu-6929_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:plus_2p-efr_tcu-6929:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:plus_bus-ex_tcu-6900_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:plus_bus-ex_tcu-6900:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:fl\/et-t-v2h_thu-6289_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:fl\/et-t-v2h_thu-6289:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:jtekt:2port-efr_thu-6404_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:jtekt:2port-efr_thu-6404:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:N/I:N/A:P
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- NONE
- Integrity Impact
- NONE
- Availability Impact
- PARTIAL
- Base Score
- 5
- Severity
- MEDIUM
- Exploitability Score
- 10
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- NONE
- Availability Impact
- HIGH
- Base Score
- 7.5
- Base Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 3.6
References
| Reference URL | Reference Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-103-03 | Third Party Advisory US Government Resource |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2021-27458 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27458 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 07:13:47 | Added to TrackCVE | |||
| 2022-12-06 02:08:50 | 2021-04-19T22:15Z | 2021-04-19T22:15:12 | CVE Published Date | updated |
| 2022-12-06 02:08:50 | 2021-04-29T15:05:16 | CVE Modified Date | updated | |
| 2022-12-06 02:08:50 | Analyzed | Vulnerability Status | updated |