Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory address and a blob of machine code. The logic that is downloaded to the PLC is not cryptographically authenticated, allowing an attacker to execute arbitrary machine code on the PLC's CPU module in the context of the runtime. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, a processor without MPU or MMU is used and this no memory protection or privilege-separation capabilities are available, giving an attacker full control over the CPU.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
JTEKT TOYOPUC Products 数据伪造问题漏洞
Vulnerability Description
JTEKT TOYOPUC Products是日本JTEKT公司的一个系列可编程控制器。 JTEKT TOYOPUC Products 存在数据伪造问题漏洞,该漏洞源于受影响的产品缺乏权限分离功能。攻击者利用该漏洞执行任意机器代码。
CVSS Information
N/A
Vulnerability Type
N/A