Main Vulnerability Database SB2022062225

SB2022062225 - Multiple vulnerabilities in JTEKT TOYOPUC Products

Published: June 22, 2022

Security Bulletin ID SB2022062225

Severity

High

Patch available

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Missing Authentication for Critical Function (CVE-ID: CVE-2022-29951)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected product lacks authentication functionality. A remote attacker can change controller configurations, manipulate data or cause a denial of service (DoS) condition.

2) Insufficient verification of data authenticity (CVE-ID: CVE-2022-29958)

The vulnerability allows a remote attacker to compromsie the target system.

The vulnerability exists due to the affected product lacks privilege separation capabilities. A remote attacker can execute arbitrary machine code.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://ics-cert.us-cert.gov/advisories/icsa-22-172-02

SB2022062225 - Multiple vulnerabilities in JTEKT TOYOPUC Products

Breakdown by Severity

Description

Remediation

References

Please verify you're human