Denial of service in JTEKT TOYOPUC products
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-27458 |
| CWE-ID | CWE-404 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
TOYOPUC PC10G-CPU TCC-6353 Hardware solutions / Firmware TOYOPUC PC10GE TCC-6464 Hardware solutions / Firmware TOYOPUC PC10P TCC-6372 Hardware solutions / Firmware TOYOPUC PC10P-DP TCC-6726 Hardware solutions / Firmware TOYOPUC PC10P-DP-IO TCC-6752 Hardware solutions / Firmware TOYOPUC PC10B-P TCC-6373 Hardware solutions / Firmware TOYOPUC PC10B TCC-1021 Hardware solutions / Firmware TOYOPUC PC10B-E/C TCU-6521 Hardware solutions / Firmware TOYOPUC PC10E TCC-4737 Hardware solutions / Firmware TOYOPUC Plus CPU TCC-6740 Hardware solutions / Firmware TOYOPUC Plus EX TCU-6741 Hardware solutions / Firmware TOYOPUC Plus EX2 TCU-6858 Hardware solutions / Firmware TOYOPUC Plus EFR TCU-6743 Hardware solutions / Firmware TOYOPUC Plus EFR2 TCU-6859 Hardware solutions / Firmware TOYOPUC Plus 2P-EFR TCU-6929 Hardware solutions / Firmware TOYOPUC Plus BUS-EX TCU-6900 Hardware solutions / Firmware FL/ET-T-V2H THU-6289 Hardware solutions / Firmware 2PORT-EFR THU-6404 Hardware solutions / Firmware |
| Vendor | JTEKT Corporation |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Improper Resource Shutdown or Release
EUVDB-ID: #VU52210
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-27458
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource shutdown or release. A remote attacker can cause a denial of service condition on the targeted system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsTOYOPUC PC10G-CPU TCC-6353: All versions
TOYOPUC PC10GE TCC-6464: All versions
TOYOPUC PC10P TCC-6372: All versions
TOYOPUC PC10P-DP TCC-6726: All versions
TOYOPUC PC10P-DP-IO TCC-6752: All versions
TOYOPUC PC10B-P TCC-6373: All versions
TOYOPUC PC10B TCC-1021: All versions
TOYOPUC PC10B-E/C TCU-6521: All versions
TOYOPUC PC10E TCC-4737: All versions
TOYOPUC Plus CPU TCC-6740: All versions
TOYOPUC Plus EX TCU-6741: All versions
TOYOPUC Plus EX2 TCU-6858: All versions
TOYOPUC Plus EFR TCU-6743: All versions
TOYOPUC Plus EFR2 TCU-6859: All versions
TOYOPUC Plus 2P-EFR TCU-6929: All versions
TOYOPUC Plus BUS-EX TCU-6900: All versions
FL/ET-T-V2H THU-6289: All versions
2PORT-EFR THU-6404: All versions
CPE2.3- cpe:2.3:h:jtekt_corporation:toyopuc_pc10g-cpu_tcc-6353:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_pc10ge_tcc-6464:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_pc10p_tcc-6372:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_pc10p-dp_tcc-6726:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_pc10p-dp-io_tcc-6752:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_pc10b-p_tcc-6373:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_pc10b_tcc-1021:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_pc10b-e_c_tcu-6521:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_pc10e_tcc-4737:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_plus_cpu_tcc-6740:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_plus_ex_tcu-6741:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_plus_ex2_tcu-6858:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_plus_efr_tcu-6743:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_plus_efr2_tcu-6859:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_plus_2p-efr_tcu-6929:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:toyopuc_plus_bus-ex_tcu-6900:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:fl_et-t-v2h_thu-6289:*:*:*:*:*:*:*:*
- cpe:2.3:h:jtekt_corporation:2port-efr_thu-6404:*:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/icsa-21-103-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
