CVE-2022-29958

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...

The vulnerability of the CMPLink/TCP protocol implementation in the microprogramming software for programmable logic controllers TOYOPUC allows a hacker to execute arbitrary code.

The vulnerability of the CMPLink/TCP protocol implementation in the microprogramming software for programmable logic controllers TOYOPUC is related to insufficient verification of data authenticity. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

Code injection

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame,...

PT-2021-17465 · Jtekt · Toyopuc Plc

Name of the Vulnerable Software and Affected Versions: JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET, PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B, PC10B-P, Na...

JTEKT TOYOPUC PLC

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: JTEKT Corporation Equipment: TOYOPUC PLC Vulnerability : Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this...