CVE-2021-27477

Published: Jul 1, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame, the outside area of a receive buffer for FL-net are overwritten. As a result, the PLC CPU detects a system error, and the affected products stop.

Affected (22)

Products: Jtekt: Pc10g Cpu Firmware, 2port Efr Firmware, Plus Cpu Firmware, Plus Ex Firmware, Plus Ex2 Firmware, Plus Efr Firmware, Plus Efr2 Firmware, Plus 2p Efr Firmware, Pc10p Dp Firmware, Pc10p Dp Io Firmware, Plus Bus Ex Firmware, Nano 10gx Firmware, Nano 2et Firmware, Pc10pe Firmware, Pc10pe 16/16p Firmware, Pc10e Firmware, Fl/et T V2h Firmware, Pc10b Firmware, Pc10b P Firmware, Nano Cpu Firmware, Pc10p Firmware, Pc10ge Firmware

22 products

Pc10pe 16/16p Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Pc10g Cpu Firmware	Before 3.91

Running on/with	Platform Versions
Jtekt Pc10g Cpu	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt 2port Efr Firmware	Before 1.50

Running on/with	Platform Versions
Jtekt 2port Efr	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Plus Cpu Firmware	Before 3.11

Running on/with	Platform Versions
Jtekt Plus Cpu	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Plus Ex Firmware	Before 3.11

Running on/with	Platform Versions
Jtekt Plus Ex	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Plus Ex2 Firmware	Before 3.11

Running on/with	Platform Versions
Jtekt Plus Ex2	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Plus Efr Firmware	Before 3.11

Running on/with	Platform Versions
Jtekt Plus Efr	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Plus Efr2 Firmware	Before 3.11

Running on/with	Platform Versions
Jtekt Plus Efr2	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Plus 2p Efr Firmware	Before 3.11

Running on/with	Platform Versions
Jtekt Plus 2p Efr	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Pc10p Dp Firmware	Before 1.50

Running on/with	Platform Versions
Jtekt Pc10p Dp	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Pc10p Dp Io Firmware	Before 1.50

Running on/with	Platform Versions
Jtekt Pc10p Dp Io	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Plus Bus Ex Firmware	Before 2.13

Running on/with	Platform Versions
Jtekt Plus Bus Ex	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Nano 10gx Firmware	Before 3.00

Running on/with	Platform Versions
Jtekt Nano 10gx	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Nano 2et Firmware	Before 2.40

Running on/with	Platform Versions
Jtekt Nano 2et	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Pc10pe Firmware	Before 1.02

Running on/with	Platform Versions
Jtekt Pc10pe	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Pc10pe 16/16p Firmware	Before 1.02

Running on/with	Platform Versions
Jtekt Pc10pe 16/16p	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Pc10e Firmware	Before 1.02

Running on/with	Platform Versions
Jtekt Pc10e	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Fl/et T V2h Firmware	Before f2.8_e1.5

Running on/with	Platform Versions
Jtekt Fl/et T V2h	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Pc10b Firmware	Before 1.11

Running on/with	Platform Versions
Jtekt Pc10b	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Pc10b P Firmware	Before 1.11

Running on/with	Platform Versions
Jtekt Pc10b P	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Nano Cpu Firmware	Before 2.08

Running on/with	Platform Versions
Jtekt Nano Cpu	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Pc10p Firmware	Before 1.05

Running on/with	Platform Versions
Jtekt Pc10p	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Jtekt Pc10ge Firmware	Before 1.04

Running on/with	Platform Versions
Jtekt Pc10ge	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://us-cert.cisa.gov/ics/advisories/icsa-21-180-04

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://us-cert.cisa.gov/ics/advisories/icsa-21-180-04

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.