45 matches found
CVE-2021-33011
All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series,TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected devices...
EUVD-2021-14212
Malware in sbrugna...
EUVD-2021-19732
Malware in sbrugna...
EUVD-2022-34265
Malicious code in bioql PyPI...
CVE-2022-29951
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...
CVE-2022-29958
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...
CVE-2021-27458
If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B...
CVE-2022-29951
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...
CVE-2022-29958
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...
CVE-2022-29951
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...
CVE-2022-29958
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...
Authentication flaw
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...
CVE-2022-29951
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...
CVE-2022-29951
CVE-2022-29951 affects JTEKT TOYOPUC PLCs (CMPLink/TCP protocol) up to 2022-04-29. The CMPLink/TCP service on ports 1024–65534 (TCP/UDP) has no authentication, enabling a remote attacker capable of communicating with the port to invoke a subset of functions (start/stop PLC, upload/download projec...
CVE-2022-29951
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...
CVE-2022-29958
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...
CVE-2022-29958
CVE-2022-29958 affects JTEKT TOYOPUC PLCs up to 2022-04-29, where control logic and projects can be downloaded via unauthenticated CMPLink/TCP without cryptographic authentication. The downloaded code is block-based and executed in the PLC runtime without memory protection, on CPU modules (e.g., ...
JTEKT TOYOPUC Missing Authentication For Critical Function (CVE-2022-29951, CVE-2022-29958)
The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...
PT-2022-3087 · Jtekt · Jtekt Toyopuc Plcs
Name of the Vulnerable Software and Affected Versions: JTEKT TOYOPUC PLCs versions prior to 2022-04-29 Description: The issue is related to insufficient data authentication in the programmable logic controllers. This allows a remote attacker to execute arbitrary code. The controllers use the...
CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography ...