CVE-2022-29958

CVSS V2 None CVSS V3 Critical 9.8
Description
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory address and a blob of machine code. The logic that is downloaded to the PLC is not cryptographically authenticated, allowing an attacker to execute arbitrary machine code on the PLC's CPU module in the context of the runtime. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, a processor without MPU or MMU is used and this no memory protection or privilege-separation capabilities are available, giving an attacker full control over the CPU.
Overview
  • CVE ID
  • CVE-2022-29958
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-07-26T22:15:10
  • Last Modified Date
  • 2022-08-03T13:13:49
Weakness Enumerations
CWE URL
CWE-345 http://cwe.mitre.org/data/definitions/345.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:jtekt:pc10g-cpu_tcc-6353_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:pc10g-cpu_tcc-6353:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:pc10ge_tcc-6464_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:pc10ge_tcc-6464:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:pc10p_tcc-6372_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:pc10p_tcc-6372:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:pc10p-dp_tcc-6726_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:pc10p-dp_tcc-6726:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:pc10p-dp-io_tcc-6752_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:pc10p-dp-io_tcc-6752:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:pc10b-p_tcc-6373_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:pc10b-p_tcc-6373:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:pc10b_tcc-1021_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:pc10b_tcc-1021:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:pc10e_tcc-4737_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:pc10e_tcc-4737:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:pc10el_tcc-4747_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:pc10el_tcc-4747:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:plus_cpu_tcc-6740_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:plus_cpu_tcc-6740:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:pc3jx_tcc-6901_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:pc3jx_tcc-6901:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:pc3jx-d_tcc-6902_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:pc3jx-d_tcc-6902:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:pc10pe_tcc-1101_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:pc10pe_tcc-1101:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:pc10pe-1616p_tcc-1102_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:pc10pe-1616p_tcc-1102:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:pcdl_tkc-6688_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:pcdl_tkc-6688:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:nano_10gx_tuc-1157_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:nano_10gx_tuc-1157:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:jtekt:nano_cpu_tuc-6941_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:jtekt:nano_cpu_tuc-6941:-:*:*:*:*:*:*:* 0 OR
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 9.8
  • Base Severity
  • CRITICAL
  • Exploitability Score
  • 3.9
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://www.forescout.com/blog/
https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-29958
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29958
History
Created Old Value New Value Data Type Notes
2022-07-26 23:00:27 Added to TrackCVE