JTEKT TOYOPUC products

Monitor7.5ICS-CERT ICSA-21-103-03Apr 13, 2021

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

JTEKT TOYOPUC programmable logic controllers contain a vulnerability (CWE-404) in Ethernet communication handling that allows an attacker to prevent or disrupt Ethernet connections between devices. The vulnerability affects 18 product models across the Plus CPU, Plus EFR, PC10 series, and related I/O module lines. An attacker on the network segment could send specific packets that cause the Ethernet interface to refuse new connections, blocking communication until the connection state times out or is manually reset. JTEKT has not released firmware patches for any affected product models.

What this means

What could happen

An attacker could disrupt Ethernet communications between JTEKT TOYOPUC PLCs and other networked devices, potentially halting data exchange needed for process monitoring and control until connections are re-established.

Who's at risk

Water authorities and electric utilities using JTEKT TOYOPUC programmable controllers (PLC family) for process automation, including Plus series CPUs (TCU/TCC models) and I/O modules with Ethernet connectivity. Affects any facility that depends on PLC-to-PLC or PLC-to-SCADA communication over Ethernet for real-time process monitoring and control.

How it could be exploited

An attacker on the same network as a JTEKT TOYOPUC PLC could send specially crafted packets to stop Ethernet communication channels from being established, severing network connectivity between the PLC and its connected devices (other PLCs, monitoring systems, engineering workstations).

Prerequisites

Network access to the PLC and connected devices on the same Ethernet segment
Ability to send network packets to the PLC

Remotely exploitableNo authentication requiredLow complexity attackNo vendor patch available (end-of-life products)Affects multiple PLC models across product line

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (18)

18 EOL

ProductAffected VersionsFix Status

Plus EX2 TCU-6858: All versionsAll versionsNo fix (EOL)

PC10G-CPU TCC-6353: All versionsAll versionsNo fix (EOL)

PC10B-P TCC-6373: All versionsAll versionsNo fix (EOL)

Plus BUS-EX TCU-6900: All versionsAll versionsNo fix (EOL)

PC10GE TCC-6464: All versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDEnable the Non-Reception timer in the Ethernet link parameters (access via link parameter screen > Timers > set Non-Reception timer to Enable)

WORKAROUNDConnect PLC to engineering workstation via USB cable and write the updated link parameters to the device

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

WORKAROUNDPerform device reset/restart or power cycle to activate the parameter changes

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: Plus EX2 TCU-6858: All versions, PC10G-CPU TCC-6353: All versions, PC10B-P TCC-6373: All versions, Plus BUS-EX TCU-6900: All versions, PC10GE TCC-6464: All versions, Plus CPU TCC-6740: All versions, Plus EFR TCU-6743: All versions, 2PORT-EFR THU-6404: All versions, PC10P-DP-IO TCC-6752: All versions, Plus EX TCU-6741: All versions, PC10E TCC-4737: All versions, Plus EFR2 TCU-6859: All versions, PC10B-E/C TCU-6521: All versions, PC10P-DP TCC-6726: All versions, PC10P TCC-6372: All versions, Plus 2P-EFR TCU-6929: All versions, PC10B TCC-1021: All versions, FL/ET-T-V2H THU-6289: All versions. Apply the following compensating controls:

HARDENINGIsolate TOYOPUC PLC devices from the Internet and locate them behind firewalls on a segregated control network

HARDENINGRestrict network access to TOYOPUC devices to only authorized engineering workstations and control systems

CVEs (1)

CVE-2021-27458

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a2a8dd06-805d-4f4d-a83b-05e4545c1004