CVE-2022-29951

Name: CVE-2022-29951
Creator: NVD / NIST
Published: 2022-07-26T22:15:10.8+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.1/10EPSS 0.94%

Last modified Jun 17, 2026

CVE-2022-29951 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. EPSS estimates a 0.94% chance of exploitation in the next 30 days.

Description

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.

Metrics

CVSS 3.1

9.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Probability

0.94%

56.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Jtekt	Pc10g-Cpu Tcc-6353 Firmware	All versions
Jtekt	Pc10ge Tcc-6464 Firmware	All versions
Jtekt	Pc10p Tcc-6372 Firmware	All versions
Jtekt	Pc10p-Dp Tcc-6726 Firmware	All versions
Jtekt	Pc10p-Dp-Io Tcc-6752 Firmware	All versions
Jtekt	Pc10b-P Tcc-6373 Firmware	All versions
Jtekt	Pc10b Tcc-1021 Firmware	All versions
Jtekt	Pc10e Tcc-4737 Firmware	All versions
Jtekt	Pc10el Tcc-4747 Firmware	All versions
Jtekt	Plus Cpu Tcc-6740 Firmware	All versions
Jtekt	Pc3jx Tcc-6901 Firmware	All versions
Jtekt	Pc3jx-D Tcc-6902 Firmware	All versions
Jtekt	Pc10pe Tcc-1101 Firmware	All versions
Jtekt	Pc10pe-1616p Tcc-1102 Firmware	All versions
Jtekt	Pcdl Tkc-6688 Firmware	All versions
Jtekt	Nano 10gx Tuc-1157 Firmware	All versions
Jtekt	Nano Cpu Tuc-6941 Firmware	All versions

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02Mitigation, Third Party Advisory, US Government Resource
https://www.forescout.com/blog/Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02Mitigation, Third Party Advisory, US Government Resource
https://www.forescout.com/blog/Third Party Advisory

Timeline

Published: Jul 26, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-29951?

How severe is CVE-2022-29951?

CVE-2022-29951 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 0.94% probability of exploitation in the next 30 days.

How do I fix CVE-2022-29951?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-29951?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST