CVE-2022-29951

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...

CVE-2022-29958

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...

CVE-2022-29951

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...

Authentication flaw

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...

Memory corruption

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...

CVE-2022-29951

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...

CVE-2022-29951

CVE-2022-29951 affects JTEKT TOYOPUC PLCs (CMPLink/TCP protocol) up to 2022-04-29. The CMPLink/TCP service on ports 1024–65534 (TCP/UDP) has no authentication, enabling a remote attacker capable of communicating with the port to invoke a subset of functions (start/stop PLC, upload/download projec...

CVE-2022-29951

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...

CVE-2022-29958

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...