JTEKT TOYOPUC
Monitor · 7.7 · ICS-CERT ICSA-22-172-02 · Jun 21, 2022
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
JTEKT TOYOPUC controllers (Nano 10GX, Nano CPU, PC10 series, PC3 series, and PCDL) contain authentication and access control weaknesses (CWE-306, CWE-345) that allow unauthenticated network attackers to modify control logic, trigger denial-of-service conditions, or disable communication links. The vulnerability affects all firmware versions of 17 distinct controller models. No vendor patch is available. The attack has high complexity and no public exploit is known.
What this means
What could happen
An attacker could modify control logic on JTEKT TOYOPUC industrial controllers, alter process setpoints, interrupt operations, or disable communication links in facilities like manufacturing plants, water systems, or power distribution.
Who's at risk
Manufacturing plants, water treatment facilities, electric utilities, and other industrial operations using JTEKT TOYOPUC series programmable controllers (all Nano, PC10, PC3, and PCDL variants). Any facility where these controllers manage critical processes or safety functions is at risk.
How it could be exploited
An attacker with network access to an affected TOYOPUC controller could exploit an authentication or access control weakness to inject commands that change control logic, stop normal operation, or sever communication. The attack requires overcoming high complexity, suggesting the attacker needs detailed knowledge of the controller's firmware or internal architecture.
Prerequisites
- Network access to the TOYOPUC controller (not necessarily from the Internet if firewall misconfiguration exists)
- High technical complexity to craft the exploit payload
- No credentials required (CWE-306 indicates missing or broken authentication)
- No patch available from vendor
- Remotely exploitable over network
- No authentication required
- Affects all versions of all affected products
- Impacts safety-critical control systems
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (17)
17 EOL
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Nano 10GX Type=TUC-1157: All versions | All versions | No fix (EOL) |
| Nano CPU Type=TUC-6941: All versions | All versions | No fix (EOL) |
| PC10B Type=TCC-1021: All versions | All versions | No fix (EOL) |
| PC10B-P Type=TCC-6373: All versions | All versions | No fix (EOL) |
| PC10E Type=TCC-4737: All versions | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Implement network segmentation: place all TOYOPUC controllers behind a firewall and isolate control system networks from business/corporate networks
- HARDENING: Configure IP filtering on controllers and network devices to restrict access to only known engineering workstations and required systems
- WORKAROUND: If remote engineering access is required, mandate use of VPN connections and keep VPN software patched and updated
- HARDENING: Physically lock unused network ports on switches and hubs connected to TOYOPUC devices to prevent unauthorized device connections
- HARDENING: Conduct a risk assessment to identify which TOYOPUC devices are most critical and prioritize network isolation efforts for those assets
CVEs (2)
API:
/api/v1/advisories/a0f61a2e-ebe9-43b3-8f4f-c024287716ca