Description:

JTEKT Corporation has released a security alert to address a vulnerability in the following products:

• PC10G-CPU Type=TCC-6353: All versions
• PC10GE Type=TCC-6464: All versions
• PC10P Type=TCC-6372: All versions
• PC10P-DP Type=TCC-6726: All versions
• PC10P-DP-IO Type=TCC-6752: All versions
• PC10B-P Type=TCC-6373: All versions
• PC10B Type=TCC-1021: All versions
• PC10E Type=TCC-4737: All versions
• PC10EL Type=TCC-4747: All versions
• Plus CPU Type=TCC-6740: All versions
• PC3JX Type=TCC-6901: All versions
• PC3JX-D Type=TCC-6902: All versions
• PC10PE Type=TCC-1101: All versions
• PC10PE-1616P Type=TCC-1102: All versions
• PCDL Type=TKC-6688: All versions
• Nano 10GX Type=TUC-1157: All versions
• Nano CPU Type=TUC-6941: All versions

Threats:

An attacker could exploit these vulnerabilities by doing the following:

• Improper Authentication

Best practice and Recommendations:

The CERT team encourages users to review the following practices:

• When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available.
• Locate control system networks and remote devices behind firewalls and isolate them from the business network.
• Minimize network exposure for all control system devices and/or systems, use IP filter functions to allow only specific personal computer/device to connect, and ensure they are not accessible from the Internet.
• To prevent unauthorized devices from being connected to the free ports of the HUB, use a LAN port lock to close the free ports.