9.1 - CVE-2022-29951

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2022-29951	First vendor Publication	2022-07-26
Vendor	Cve	Last vendor Modification	2024-02-09

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Overall CVSS Score	9.1
Base Score	9.1	Environmental Score	9.1
impact SubScore	5.2	Temporal Score	9.1
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	None
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29951

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-306	Missing Authentication for Critical Function (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Os	Jtekt Nano 10Gx Tuc-1157 Firmware cpe:2.3:o:jtekt:nano_10gx_tuc-1157_firmware:-:::::::*	1
Os	Jtekt Nano Cpu Tuc-6941 Firmware cpe:2.3:o:jtekt:nano_cpu_tuc-6941_firmware:-:::::::*	1
Os	Jtekt Pc10B Tcc-1021 Firmware cpe:2.3:o:jtekt:pc10b_tcc-1021_firmware:-:::::::*	1
Os	Jtekt pc10b-P Tcc-6373 Firmware cpe:2.3:o:jtekt:pc10b-p_tcc-6373_firmware:-:::::::*	1
Os	Jtekt Pc10E Tcc-4737 Firmware cpe:2.3:o:jtekt:pc10e_tcc-4737_firmware:-:::::::*	1
Os	Jtekt Pc10El Tcc-4747 Firmware cpe:2.3:o:jtekt:pc10el_tcc-4747_firmware:-:::::::*	1
Os	Jtekt pc10g-Cpu Tcc-6353 Firmware cpe:2.3:o:jtekt:pc10g-cpu_tcc-6353_firmware:-:::::::*	1
Os	Jtekt Pc10Ge Tcc-6464 Firmware cpe:2.3:o:jtekt:pc10ge_tcc-6464_firmware:-:::::::*	1
Os	Jtekt Pc10P Tcc-6372 Firmware cpe:2.3:o:jtekt:pc10p_tcc-6372_firmware:-:::::::*	1
Os	Jtekt pc10p-Dp Tcc-6726 Firmware cpe:2.3:o:jtekt:pc10p-dp_tcc-6726_firmware:-:::::::*	1
Os	Jtekt pc10p-Dp-Io Tcc-6752 Firmware cpe:2.3:o:jtekt:pc10p-dp-io_tcc-6752_firmware:-:::::::*	1
Os	Jtekt Pc10Pe Tcc-1101 Firmware cpe:2.3:o:jtekt:pc10pe_tcc-1101_firmware:-:::::::*	1
Os	Jtekt pc10pe-1616P Tcc-1102 Firmware cpe:2.3:o:jtekt:pc10pe-1616p_tcc-1102_firmware:-:::::::*	1
Os	Jtekt Pc3Jx Tcc-6901 Firmware cpe:2.3:o:jtekt:pc3jx_tcc-6901_firmware:-:::::::*	1
Os	Jtekt pc3jx-D Tcc-6902 Firmware cpe:2.3:o:jtekt:pc3jx-d_tcc-6902_firmware:-:::::::*	1
Os	Jtekt Pcdl Tkc-6688 Firmware cpe:2.3:o:jtekt:pcdl_tkc-6688_firmware:-:::::::*	1
Os	Jtekt Plus Cpu Tcc-6740 Firmware cpe:2.3:o:jtekt:plus_cpu_tcc-6740_firmware:-:::::::*	1

Sources (Detail)

Source	Url
MISC	https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02 https://www.forescout.com/blog/

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-09 09:27:51	Multiple Updates
2022-08-03 00:27:33	Multiple Updates
2022-07-27 13:27:13	Multiple Updates
2022-07-27 05:27:06	First insertion

9.1 - CVE-2022-29951

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU