CVE-2022-29951
CRITICALJTEKT TOYOPUC PLCs - Unauthenticated Critical Function Access via CMPLink/TCP Protocol
Title source: llmDescription
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.forescout.com/blog/
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02
Scores
CVSS v3
9.1
EPSS
0.0094
EPSS Percentile
56.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (17)
jtekt/nano_10gx_tuc-1157_firmware
jtekt/nano_cpu_tuc-6941_firmware
jtekt/pc10b-p_tcc-6373_firmware
jtekt/pc10b_tcc-1021_firmware
jtekt/pc10e_tcc-4737_firmware
jtekt/pc10el_tcc-4747_firmware
jtekt/pc10g-cpu_tcc-6353_firmware
jtekt/pc10ge_tcc-6464_firmware
jtekt/pc10p-dp-io_tcc-6752_firmware
jtekt/pc10p-dp_tcc-6726_firmware
... and 7 more
Published
Jul 26, 2022
Tracked Since
Feb 18, 2026