PT-2022-3087 · Jtekt · Jtekt Toyopuc Plcs

Daniel Dos Santos +1 · Published 2022-06-22 · Updated 2022-08-03 · CVE-2022-29958

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

JTEKT TOYOPUC PLCs versions prior to 2022-04-29

Description

The issue is related to insufficient data authentication in the programmable logic controllers. This allows a remote attacker to execute arbitrary code. The controllers use the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic. The control logic downloaded to the PLC is not cryptographically authenticated, enabling an attacker to execute arbitrary machine code on the PLC's CPU module. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, the processor lacks memory protection or privilege-separation capabilities, giving an attacker full control over the CPU.

Recommendations

For JTEKT TOYOPUC PLCs versions prior to 2022-04-29, consider disabling the CMPLink/TCP protocol until a patch is available to prevent exploitation. Restrict access to the control logic download functionality to minimize the risk of arbitrary code execution. As a temporary workaround, limit the use of the PLC's CPU module to essential operations only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

BDU:2022-03757
CVE-2022-29958

Affected Products

Jtekt Toyopuc Plcs