JTEKT TOYOPUC PLC
Monitor · 6.5 · ICS-CERT ICSA-21-180-04 · Jun 29, 2021
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A buffer overflow vulnerability exists in JTEKT TOYOPUC PLC firmware affecting multiple product lines (Plus series CPU/EX/EFR modules, PC10 series processors, Nano series, and FL/ET-T-V2H). An attacker with access to the local network segment can send a specially crafted network packet to cause the PLC to crash, resulting in denial of service. The vulnerability requires no authentication and low complexity to exploit. JTEKT has released firmware updates for affected products; Plus series expansion boards do not require updates if the connected CPU module is patched.
What this means
What could happen
A remote attacker on the same network segment could crash a JTEKT TOYOPUC PLC, causing the device to stop responding and halting any controlled process until manual restart.
Who's at risk
Manufacturing facilities operating JTEKT TOYOPUC PLCs, including Plus series CPU modules, PC10 series processors, Nano series, and all associated expansion boards. Any facility using these PLCs for process control, sequencing, or data acquisition should apply this update.
How it could be exploited
An attacker with access to the same network segment sends a specially crafted packet to the PLC's network interface, triggering a buffer overflow condition that crashes the device. No authentication is required.
Prerequisites
- Network access to the PLC on the same local network segment (Layer 2 adjacency or routed access)
- No authentication credentials required
- Knowledge of the target PLC IP address and port
- Remotely exploitable from adjacent network
- No authentication required
- Low complexity exploit
- No patch available for Plus EX, Plus CPU, PC10G-CPU, FL/ET-T-V2H, PC10PE, PC10B-P, PC10P, 2PORT-EFR, PC10B, Plus EX2, Plus BUS-EX, PC10P-DP-IO, PC10PE-16/16P, Plus EFR2, Nano 10GX, PC10P-DP, Plus 2P-EFR, Plus EFR, PC10GE, Nano 2ET, PC10E, Nano CPU (per initial advisory claim)
- Affects industrial control and safety systems
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (22)
22 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Plus EX: All Versions | All versions | 3.11 or later |
| Plus CPU: All Versions | All versions | 3.11 or later |
| PC10G-CPU: All Versions | All versions | 3.91 or later |
| FL/ET-T-V2H: All Versions | All versions | F2.8 E1.5 or later |
| PC10PE: All Versions | All versions | 1.02 or later |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to PLC management ports using firewall rules; allow only connections from authorized engineering workstations and control network devices
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update JTEKT TOYOPUC PLC firmware to patched version (PC10G-CPU to 3.91 or later, 2PORT-EFR to 1.50 or later, PC10P-DP/PC10P-DP-IO to 1.50 or later, Nano series to respective versions, PC10E to 1.12 or later, Plus series CPU/EX/EFR modules to 3.11 or later, Plus BUS-EX to 2.13 or later)
Long-term hardening
- HARDENING: Implement network segmentation to isolate PLCs on a dedicated control network separate from IT networks and untrusted external access
- HARDENING: Monitor PLC network traffic for unexpected packet patterns or repeated connection attempts that may indicate exploitation attempts
CVEs (1)