Unknown
CVE-2022-29951
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2022-29951
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- nano 10gx tuc-1157 firmware -,
- nano cpu tuc-6941 firmware -,
- pc10b tcc-1021 firmware -,
- pc10b-p tcc-6373 firmware -,
- pc10e tcc-4737 firmware -,
- pc10el tcc-4747 firmware -,
- pc10g-cpu tcc-6353 firmware -,
- pc10ge tcc-6464 firmware -,
- pc10p tcc-6372 firmware -,
- pc10p-dp tcc-6726 firmware -,
- pc10p-dp-io tcc-6752 firmware -,
- pc10pe tcc-1101 firmware -,
- pc10pe-1616p tcc-1102 firmware -,
- pc3jx tcc-6901 firmware -,
- pc3jx-d tcc-6902 firmware -,
- pcdl tkc-6688 firmware -,
- plus cpu tcc-6740 firmware -
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
