20 matches found
EUVD-2021-14212
Malware in sbrugna...
EUVD-2022-34265
Malicious code in bioql PyPI...
CVE-2022-29951
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...
CVE-2022-29958
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...
CVE-2021-27458
If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B...
CVE-2022-29951
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...
CVE-2022-29951
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...
CVE-2022-29958
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...
Authentication flaw
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...
CVE-2022-29951
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...
CVE-2022-29951
CVE-2022-29951 affects JTEKT TOYOPUC PLCs (CMPLink/TCP protocol) up to 2022-04-29. The CMPLink/TCP service on ports 1024–65534 (TCP/UDP) has no authentication, enabling a remote attacker capable of communicating with the port to invoke a subset of functions (start/stop PLC, upload/download projec...
CVE-2022-29958
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...
JTEKT TOYOPUC Missing Authentication For Critical Function (CVE-2022-29951, CVE-2022-29958)
The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...
CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography ...
PT-2022-3088 · Jtekt · Jtekt Toyopuc Plcs
Name of the Vulnerable Software and Affected Versions: JTEKT TOYOPUC PLCs through 2022-04-29 Description: The issue is related to the mishandling of authentication in JTEKT TOYOPUC PLCs. They utilize the CMPLink/TCP protocol, which is configurable on ports 1024-65534 on either TCP or UDP, for...
JTEKT TOYOPUC Products 访问控制错误漏洞
JTEKT TOYOPUC Products is a family of programmable controllers from JTEKT Japan. An access control error vulnerability exists in JTEKT TOYOPUC Products that stems from a lack of authentication functionality in the affected products. An attacker could use this vulnerability to change the controlle...
JTEKT TOYOPUC-Plus 安全漏洞
JTEKT TOYOPUC-Plus is a PLC from JTEKT Japan. A security vulnerability exists in the JTEKT TOYOPUC that stems from the affected product's inability to properly handle ICMP flooding, which could allow an attacker to deny Ethernet communication between affected devices. The following products and...
Code injection
When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame,...
PT-2021-17465 · Jtekt · Toyopuc Plc
Name of the Vulnerable Software and Affected Versions: JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET, PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B, PC10B-P, Na...
JTEKT TOYOPUC-Plus 缓冲区错误漏洞
JTEKT TOYOPUC-Plus is a PLC from JTEKT Japan. The JTEKT TOYOPUC-Plus suffers from a buffer error vulnerability that originates when the product receives an invalid frame, the outer region of the FL-net receive buffer will be overwritten. This causes the PLC CPU to detect a system error and the...