3 matches found
CVE-2022-29958
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...
CVE-2022-29958
CVE-2022-29958 affects JTEKT TOYOPUC PLCs up to 2022-04-29, where control logic and projects can be downloaded via unauthenticated CMPLink/TCP without cryptographic authentication. The downloaded code is block-based and executed in the PLC runtime without memory protection, on CPU modules (e.g., ...
JTEKT TOYOPUC Missing Authentication For Critical Function (CVE-2022-29951, CVE-2022-29958)
The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...