Blog

The first vulnerabilities are being discovered in the TOYOPUC protocol

Aug 03, 2021

One of the first vulnerabilities in the TOYOPUC protocol was discovered by TXOne Networks’ own threat researcher Chris Yang working with Trend Micro’s Zero Day Initiative on June 29, 2021. This vulnerability, assigned CVE-2021-27477, allows an attacker to crash the device being accessed, and this is a low-complexity attack that can be performed from an adjacent network to cause a system error in the PLC CPU and bring affected products to a sharp stop.

 

The following versions of the PLC are affected:

  • PC10G-CPU
  • 2PORT-EFR
  • Plus CPU
  • Plus EX
  • Plus EX2
  • Plus EFR
  • Plus EFR2
  • Plus 2P-EFR
  • PC10P-DP
  • PC10P-DP-IO
  • Plus BUS-EX
  • Nano 10GX
  • Nano 2ET
  • PC10PE
  • PC10PE-16/16P
  • PC10E
  • FL/ET-T-V2H
  • PC10B
  • PC10B-P
  • Nano CPU
  • PC10P
  • PC10GE

Furthermore, the following PLC firmware versions have been fixed by JTEKT to address the vulnerability:

  • PC10G-CPU: Versions 3.91 or later
  • 2PORT-EFR: Versions 1.50 or later
  • PC10P-DP: Versions 1.50 or later
  • PC10P-DP-IO: Versions 1.50 or later
  • Nano 10GX: Versions 3.00 or later
  • Nano 2ET: Versions 2.40 or later
  • PC10PE: Versions 1.02 or later
  • PC10PE-16/16P: Versions 1.02 or later
  • PC10E: Versions 1.12 or later
  • FL/ET-T-V2H: Versions F2.8 E1.5 or later
  • PC10B: Versions 1.11 or later
  • PC10B-P: Versions 1.11 or later
  • Nano CPU: Versions 2.08 or later
  • PC10P: Versions 1.05 or later
  • PC10GE: Versions 1.04 or later

PLUS SERIES

  • Plus CPU: Versions 3.11 or later
  • Plus EX: Versions 3.11 or later
  • Plus EX2: Versions 3.11 or later
  • Plus EFR: Versions 3.11 or later
  • Plus EFR2: Versions 3.11 or later
  • Plus 2P-EFR: Versions 3.11 or later
  • Plus BUS-EX: Version 2.13 or later

Those firmware updates are available online from JTEKT here. They’ve clarified that updating Plus series expansion boards is unnecessary. For operators running a Plus series expansion board, the Plus CPU or Plus BUS-EX connected to the board should be updated instead.

 

Currently, only TXOne Networks’ solutions can support the TOYOPUC protocol, providing the network segmentation and virtual patching that make attacks such as this more difficult to execute. Network segmentation breaks up a network into zones that prevent lateral movement, making it significantly more difficult to send commands to or even access devices with vulnerabilities like this one, while virtual patch technology allows devices to be patched virtually instead of directly updated, allowing vulnerabilities to be remedied without any interruption to operations.  Both are provided by TXOne’s Edge series – EdgeFireEdgeIPS, and EdgeIPS Pro.

 

Learn more about network segmentation from our white paper, Network Segmentation: The OT Standard for Industry 4.0

TXOne image
TXOne Networks

Need Assistance with OT Security ?

Our team is here to assist with OT security challenges and provide guidance on implementing effective solutions.​