CVE-2021-27458 Information

Description

If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions PC10GE TCC-6464: All versions PC10P TCC-6372: All versions PC10P-DP TCC-6726: All versions PC10P-DP-IO TCC-6752: All versions PC10B-P TCC-6373: All versions PC10B TCC-1021: All versions PC10B-E/C TCU-6521: All versions PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions Plus EX TCU-6741: All versions Plus EX2 TCU-6858: All versions Plus EFR TCU-6743: All versions Plus EFR2 TCU-6859: All versions Plus 2P-EFR TCU-6929: All versions Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker Ethernet communications cannot be established with other devices depending on the settings of the link parameters.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-03

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5