Cyber Resilience

CVE-2021-27458

High

Published: 19 April 2021

Modified: 21 November 2024
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0026 (49.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-27458 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in JTEKT PC10G-CPU TCC-6353 firmware. Its CVSS base score is 7.5 (High).

Operationally, it ranks at the 49.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker, Ethernet communications cannot be established with other devices, depending on the settings of the link parameters.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
jtekt | pc10g-cpu tcc-6353 firmware | all versions
jtekt | pc10ge tcc-6464 firmware | all versions
jtekt | pc10p tcc-6372 firmware | all versions
jtekt | pc10p-dp tcc-6726 firmware | all versions
jtekt | pc10p-dp-io tcc-6752 firmware | all versions
jtekt | pc10b-p tcc-6373 firmware | all versions
jtekt | pc10b tcc-1021 firmware | all versions
jtekt | pc10b-e/c tcu-6521 firmware | all versions
jtekt | pc10e tcc-4737 firmware | all versions
jtekt | plus cpu tcc-6740 firmware | all versions
+8 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-404

Contingency plan updates incorporate proper resource shutdown and release steps, preventing attackers from leveraging incomplete cleanup during recovery scenarios.

addresses: CWE-404

Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release.

addresses: CWE-404

Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects.

addresses: CWE-404

Procedures can mandate orderly shutdown or release of resources when failures occur, preventing improper resource handling after a fault.

References