CVE-2022-29958

Name: CVE-2022-29958
Creator: NVD / NIST
Published: 2022-07-26T22:15:10.963+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 0.47%

Last modified Jun 17, 2026

CVE-2022-29958 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. EPSS estimates a 0.47% chance of exploitation in the next 30 days.

Description

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory address and a blob of machine code. The logic that is downloaded to the PLC is not cryptographically authenticated, allowing an attacker to execute arbitrary machine code on the PLC's CPU module in the context of the runtime. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, a processor without MPU or MMU is used and this no memory protection or privilege-separation capabilities are available, giving an attacker full control over the CPU.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.47%

36.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-345

Affected Software

Vendor	Product	Versions
Jtekt	Pc10g-Cpu Tcc-6353 Firmware	All versions
Jtekt	Pc10ge Tcc-6464 Firmware	All versions
Jtekt	Pc10p Tcc-6372 Firmware	All versions
Jtekt	Pc10p-Dp Tcc-6726 Firmware	All versions
Jtekt	Pc10p-Dp-Io Tcc-6752 Firmware	All versions
Jtekt	Pc10b-P Tcc-6373 Firmware	All versions
Jtekt	Pc10b Tcc-1021 Firmware	All versions
Jtekt	Pc10e Tcc-4737 Firmware	All versions
Jtekt	Pc10el Tcc-4747 Firmware	All versions
Jtekt	Plus Cpu Tcc-6740 Firmware	All versions
Jtekt	Pc3jx Tcc-6901 Firmware	All versions
Jtekt	Pc3jx-D Tcc-6902 Firmware	All versions
Jtekt	Pc10pe Tcc-1101 Firmware	All versions
Jtekt	Pc10pe-1616p Tcc-1102 Firmware	All versions
Jtekt	Pcdl Tkc-6688 Firmware	All versions
Jtekt	Nano 10gx Tuc-1157 Firmware	All versions
Jtekt	Nano Cpu Tuc-6941 Firmware	All versions

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02Third Party Advisory, US Government Resource
https://www.forescout.com/blog/Third Party Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-172-02Third Party Advisory, US Government Resource
https://www.forescout.com/blog/Third Party Advisory

Timeline

Published: Jul 26, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-29958?

How severe is CVE-2022-29958?

CVE-2022-29958 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.47% probability of exploitation in the next 30 days.

How do I fix CVE-2022-29958?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-29958?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST