Denial of service in JTEKT TOYOPUC PLC products
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-27477 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
TOYOPUC PLC Plus CPU Hardware solutions / Firmware TOYOPUC PLC Plus EX Hardware solutions / Firmware TOYOPUC PLC Plus EX2 Hardware solutions / Firmware TOYOPUC PLC Plus EFR Hardware solutions / Firmware TOYOPUC PLC Plus EFR2 Hardware solutions / Firmware TOYOPUC PLC Plus 2P-EFR Hardware solutions / Firmware TOYOPUC PLC Plus BUS-EX Hardware solutions / Firmware TOYOPUC PLC PC10E Hardware solutions / Firmware TOYOPUC PLC FL/ET-T-V2H Hardware solutions / Firmware TOYOPUC PLC PC10B Hardware solutions / Firmware TOYOPUC PLC PC10B-P Hardware solutions / Firmware TOYOPUC PLC Nano CPU Hardware solutions / Firmware TOYOPUC PLC PC10P Hardware solutions / Firmware TOYOPUC PLC PC10GE Hardware solutions / Firmware TOYOPUC PLC PC10G-CPU Hardware solutions / Firmware TOYOPUC PLC 2PORT-EFR Hardware solutions / Firmware TOYOPUC PLC PC10P-DP Hardware solutions / Firmware TOYOPUC PLC PC10P-DP-IO Hardware solutions / Firmware TOYOPUC PLC Nano 10GX Hardware solutions / Firmware TOYOPUC PLC Nano 2ET Hardware solutions / Firmware TOYOPUC PLC PC10PE Hardware solutions / Firmware TOYOPUC PLC PC10PE-16/16P Hardware solutions / Firmware |
| Vendor | JTEKT Corporation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU54460
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27477
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker on the local network can trigger memory corruption and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsTOYOPUC PLC Plus CPU: before 3.11
TOYOPUC PLC Plus EX: before 3.11
TOYOPUC PLC Plus EX2: before 3.11
TOYOPUC PLC Plus EFR: before 3.11
TOYOPUC PLC Plus EFR2: before 3.11
TOYOPUC PLC Plus 2P-EFR: before 3.11
TOYOPUC PLC Plus BUS-EX: before 2.13
TOYOPUC PLC PC10E: before 1.12
TOYOPUC PLC FL/ET-T-V2H: before F2.8
TOYOPUC PLC PC10B: before 1.11
TOYOPUC PLC PC10B-P: before 1.11
TOYOPUC PLC Nano CPU: before 2.08
TOYOPUC PLC PC10P: before 1.05
TOYOPUC PLC PC10GE: before 1.04
TOYOPUC PLC PC10G-CPU: before 3.91
TOYOPUC PLC 2PORT-EFR: before 1.50
TOYOPUC PLC PC10P-DP: before 1.50
TOYOPUC PLC PC10P-DP-IO: before 1.50
TOYOPUC PLC Nano 10GX: before 3.00
TOYOPUC PLC Nano 2ET: before 2.40
TOYOPUC PLC PC10PE: before 1.02
TOYOPUC PLC PC10PE-16/16P: before 1.02
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-21-180-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
