CVE-2021-27458
Last modified
CVE-2021-27458 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker, Ethernet communications cannot be established with other devices, depending on the settings of the link parameters.. EPSS estimates a 1.10% chance of exploitation in the next 30 days.
Description
If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker, Ethernet communications cannot be established with other devices, depending on the settings of the link parameters.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jtekt | Pc10g-Cpu Tcc-6353 Firmware | All versions |
| Jtekt | Pc10ge Tcc-6464 Firmware | All versions |
| Jtekt | Pc10p Tcc-6372 Firmware | All versions |
| Jtekt | Pc10p-Dp Tcc-6726 Firmware | All versions |
| Jtekt | Pc10p-Dp-Io Tcc-6752 Firmware | All versions |
| Jtekt | Pc10b-P Tcc-6373 Firmware | All versions |
| Jtekt | Pc10b Tcc-1021 Firmware | All versions |
| Jtekt | Pc10b-E\/C Tcu-6521 Firmware | All versions |
| Jtekt | Pc10e Tcc-4737 Firmware | All versions |
| Jtekt | Plus Cpu Tcc-6740 Firmware | All versions |
| Jtekt | Plus Ex Tcu-6741 Firmware | All versions |
| Jtekt | Plus Ex2 Tcu-6858 Firmware | All versions |
| Jtekt | Plus Efr Tcu-6743 Firmware | All versions |
| Jtekt | Plus Efr2 Tcu-6859 Firmware | All versions |
| Jtekt | Plus 2p-Efr Tcu-6929 Firmware | All versions |
| Jtekt | Plus Bus-Ex Tcu-6900 Firmware | All versions |
| Jtekt | Fl\/Et-T-V2h Thu-6289 Firmware | All versions |
| Jtekt | 2port-Efr Thu-6404 Firmware | All versions |
References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-103-03Third Party Advisory, US Government Resource
- https://us-cert.cisa.gov/ics/advisories/icsa-21-103-03Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-27458?
How severe is CVE-2021-27458?
How do I fix CVE-2021-27458?
Are you affected by CVE-2021-27458?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST