9.8 - CVE-2022-29958

Executive Summary

Informations
Name	CVE-2022-29958	First vendor Publication	2022-07-26
Vendor	Cve	Last vendor Modification	2022-08-03

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	9.8
Base Score	9.8	Environmental Score	9.8
impact SubScore	5.9	Temporal Score	9.8
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory address and a blob of machine code. The logic that is downloaded to the PLC is not cryptographically authenticated, allowing an attacker to execute arbitrary machine code on the PLC's CPU module in the context of the runtime. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, a processor without MPU or MMU is used and this no memory protection or privilege-separation capabilities are available, giving an attacker full control over the CPU.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29958

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-345	Insufficient Verification of Data Authenticity

CPE : Common Platform Enumeration

Type	Description	Count
Os	Jtekt Nano 10Gx Tuc-1157 Firmware cpe:2.3:o:jtekt:nano_10gx_tuc-1157_firmware:-:::::::*	1
Os	Jtekt Nano Cpu Tuc-6941 Firmware cpe:2.3:o:jtekt:nano_cpu_tuc-6941_firmware:-:::::::*	1
Os	Jtekt Pc10B Tcc-1021 Firmware cpe:2.3:o:jtekt:pc10b_tcc-1021_firmware:-:::::::*	1
Os	Jtekt pc10b-P Tcc-6373 Firmware cpe:2.3:o:jtekt:pc10b-p_tcc-6373_firmware:-:::::::*	1
Os	Jtekt Pc10E Tcc-4737 Firmware cpe:2.3:o:jtekt:pc10e_tcc-4737_firmware:-:::::::*	1
Os	Jtekt Pc10El Tcc-4747 Firmware cpe:2.3:o:jtekt:pc10el_tcc-4747_firmware:-:::::::*	1
Os	Jtekt pc10g-Cpu Tcc-6353 Firmware cpe:2.3:o:jtekt:pc10g-cpu_tcc-6353_firmware:-:::::::*	1
Os	Jtekt Pc10Ge Tcc-6464 Firmware cpe:2.3:o:jtekt:pc10ge_tcc-6464_firmware:-:::::::*	1
Os	Jtekt Pc10P Tcc-6372 Firmware cpe:2.3:o:jtekt:pc10p_tcc-6372_firmware:-:::::::*	1
Os	Jtekt pc10p-Dp Tcc-6726 Firmware cpe:2.3:o:jtekt:pc10p-dp_tcc-6726_firmware:-:::::::*	1
Os	Jtekt pc10p-Dp-Io Tcc-6752 Firmware cpe:2.3:o:jtekt:pc10p-dp-io_tcc-6752_firmware:-:::::::*	1
Os	Jtekt Pc10Pe Tcc-1101 Firmware cpe:2.3:o:jtekt:pc10pe_tcc-1101_firmware:-:::::::*	1
Os	Jtekt pc10pe-1616P Tcc-1102 Firmware cpe:2.3:o:jtekt:pc10pe-1616p_tcc-1102_firmware:-:::::::*	1
Os	Jtekt Pc3Jx Tcc-6901 Firmware cpe:2.3:o:jtekt:pc3jx_tcc-6901_firmware:-:::::::*	1
Os	Jtekt pc3jx-D Tcc-6902 Firmware cpe:2.3:o:jtekt:pc3jx-d_tcc-6902_firmware:-:::::::*	1
Os	Jtekt Pcdl Tkc-6688 Firmware cpe:2.3:o:jtekt:pcdl_tkc-6688_firmware:-:::::::*	1
Os	Jtekt Plus Cpu Tcc-6740 Firmware cpe:2.3:o:jtekt:plus_cpu_tcc-6740_firmware:-:::::::*	1

Sources (Detail)

Source	Url
MISC	https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02 https://www.forescout.com/blog/

Alert History

If you want to see full details history, please login or register.

Date	Informations
2022-08-03 17:27:32	Multiple Updates
2022-07-27 13:27:13	Multiple Updates
2022-07-27 05:27:06	First insertion

9.8 - CVE-2022-29958

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU