MidnightBSD

Advisories for jtekt

CVE-2021-27458 MEDIUM

If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker, Ethernet communications cannot be established with other devices, depending on the settings of the link parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
jtekt plus_2p-efr_tcu-6929_firmware *
jtekt fl/et-t-v2h_thu-6289_firmware *
jtekt pc10ge_tcc-6464_firmware *
jtekt plus_efr_tcu-6743_firmware *
jtekt plus_efr2_tcu-6859_firmware *
jtekt 2port-efr_thu-6404_firmware *
jtekt pc10p-dp-io_tcc-6752_firmware *
jtekt pc10b-e/c_tcu-6521_firmware *
jtekt pc10g-cpu_tcc-6353_firmware *
jtekt pc10b_tcc-1021_firmware *
jtekt pc10p_tcc-6372_firmware *
jtekt pc10p-dp_tcc-6726_firmware *
jtekt plus_cpu_tcc-6740_firmware *
jtekt pc10b-p_tcc-6373_firmware *
jtekt plus_ex_tcu-6741_firmware *
jtekt plus_ex2_tcu-6858_firmware *
jtekt pc10e_tcc-4737_firmware *
jtekt plus_bus-ex_tcu-6900_firmware *
CVE-2021-27477 HIGH

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame, the outside area of a receive buffer for FL-net are overwritten. As a result, the PLC CPU detects a system error, and the affected products stop.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
jtekt pc10p-dp-io_firmware *
jtekt plus_2p-efr_firmware *
jtekt plus_ex2_firmware *
jtekt nano_10gx_firmware *
jtekt pc10p-dp_firmware *
jtekt pc10e_firmware *
jtekt 2port-efr_firmware *
jtekt plus_efr_firmware *
jtekt pc10pe_firmware *
jtekt pc10g-cpu_firmware *
jtekt fl/et-t-v2h_firmware *
jtekt plus_bus-ex_firmware *
jtekt pc10ge_firmware *
jtekt plus_ex_firmware *
jtekt pc10pe-16/16p_firmware *
jtekt plus_cpu_firmware *
jtekt nano_2et_firmware *
jtekt nano_cpu_firmware *
jtekt plus_efr2_firmware *
jtekt pc10p_firmware *
jtekt pc10b_firmware *
jtekt pc10b-p_firmware *
CVE-2021-33011 LOW

All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series,TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-770,

Products Affected

Vendor Product Version
jtekt plus_2p-efr_tcu-6929_firmware *
jtekt fl/et-t-v2h_thu-6289_firmware *
jtekt plus_efr2_tcu-6859_firmware *
jtekt nano_10gx_tuc-1157_firmware *
jtekt nano_safety_tuc-1085_firmware *
jtekt pc10b-e/c_tcu-6521_firmware *
jtekt pc10p_tcc-6372_firmware *
jtekt plus_cpu_tcc-6740_firmware *
jtekt pc10e_tcc-4637_firmware *
jtekt ef10_tcu-6982_firmware *
jtekt pc10pe-1616p_tcc-1102_firmware *
jtekt pc10b-p_tcc-6373_firmware *
jtekt plus_ex_tcu-6741_firmware *
jtekt plus_bus-ex_tcu-6900_firmware *
jtekt pc10ge_tcc-6464_firmware *
jtekt plus_efr_tcu-6743_firmware *
jtekt 2port-efr_thu-6404_firmware *
jtekt pc10p-dp-io_tcc-6752_firmware *
jtekt nano_safety_rs01ip_tuu-1087_firmware *
jtekt pc10g-cpu_tcc-6353_firmware *
jtekt pc10b_tcc-1021_firmware *
jtekt nano_safety_rs00ip_tuu-1086_firmware *
jtekt pc10p-dp_tcc-6726_firmware *
jtekt nano_cpu_tuc-6941_firmware *
jtekt pc10pe_tcc-1101_firmware *
jtekt nano_2et_tuu-6949_firmware *
jtekt plus_ex2_tcu-6858_firmware *
CVE-2022-27648

This vulnerability allows remote attackers to execute arbitrary code on affected installations of KOYO Screen Creator 0.1.1.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SCA2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14868.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt screen_creator_advance_2 0.1.1.4
jtekt screen_creator_advance_2 *
CVE-2022-29951

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
jtekt pc10b-p_tcc-6373_firmware -
jtekt nano_10gx_tuc-1157_firmware -
jtekt pc10pe_tcc-1101_firmware -
jtekt pc10p-dp-io_tcc-6752_firmware -
jtekt pc10b_tcc-1021_firmware -
jtekt pc10e_tcc-4737_firmware -
jtekt pc3jx_tcc-6901_firmware -
jtekt pc3jx-d_tcc-6902_firmware -
jtekt pcdl_tkc-6688_firmware -
jtekt nano_cpu_tuc-6941_firmware -
jtekt pc10p-dp_tcc-6726_firmware -
jtekt pc10g-cpu_tcc-6353_firmware -
jtekt pc10ge_tcc-6464_firmware -
jtekt pc10p_tcc-6372_firmware -
jtekt pc10pe-1616p_tcc-1102_firmware -
jtekt pc10el_tcc-4747_firmware -
jtekt plus_cpu_tcc-6740_firmware -
CVE-2022-29958

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory address and a blob of machine code. The logic that is downloaded to the PLC is not cryptographically authenticated, allowing an attacker to execute arbitrary machine code on the PLC's CPU module in the context of the runtime. In the case of the PC10G-CPU, and likely for other CPU modules of the TOYOPUC family, a processor without MPU or MMU is used and this no memory protection or privilege-separation capabilities are available, giving an attacker full control over the CPU.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
jtekt pc10b-p_tcc-6373_firmware -
jtekt nano_10gx_tuc-1157_firmware -
jtekt pc10pe_tcc-1101_firmware -
jtekt pc10p-dp-io_tcc-6752_firmware -
jtekt pc10b_tcc-1021_firmware -
jtekt pc10e_tcc-4737_firmware -
jtekt pc3jx_tcc-6901_firmware -
jtekt pc3jx-d_tcc-6902_firmware -
jtekt pcdl_tkc-6688_firmware -
jtekt nano_cpu_tuc-6941_firmware -
jtekt pc10p-dp_tcc-6726_firmware -
jtekt pc10g-cpu_tcc-6353_firmware -
jtekt pc10ge_tcc-6464_firmware -
jtekt pc10p_tcc-6372_firmware -
jtekt pc10pe-1616p_tcc-1102_firmware -
jtekt pc10el_tcc-4747_firmware -
jtekt plus_cpu_tcc-6740_firmware -
CVE-2023-22345

Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt screen_creator_advance_2 0.1.1.4
jtekt screen_creator_advance_2 *
CVE-2023-22346

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt screen_creator_advance_2 0.1.1.4
jtekt screen_creator_advance_2 *
CVE-2023-22347

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt screen_creator_advance_2 0.1.1.4
jtekt screen_creator_advance_2 *
CVE-2023-22349

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt screen_creator_advance_2 0.1.1.4
jtekt screen_creator_advance_2 *
CVE-2023-22350

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt screen_creator_advance_2 0.1.1.4
jtekt screen_creator_advance_2 *
CVE-2023-22353

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt screen_creator_advance_2 0.1.1.4
jtekt screen_creator_advance_2 *
CVE-2023-22360

Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt screen_creator_advance_2 0.1.1.4
jtekt screen_creator_advance_2 *
CVE-2023-22419

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt kostac_plc_programming_software *
CVE-2023-22421

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt kostac_plc_programming_software *
CVE-2023-22424

Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt kostac_plc_programming_software *
CVE-2023-25755

Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file. If a user of Screen Creator Advance 2 opens a specially crafted project file, information may be disclosed and/or arbitrary code may be executed.

Products Affected

Vendor Product Version
jtekt screen_creator_advance_2 0.1.1.4
jtekt screen_creator_advance_2 *
CVE-2023-41374

Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt kostac_plc *
jtekt kostac_plc 1.6.11.0
CVE-2023-41375

Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt kostac_plc *
jtekt kostac_plc 1.6.11.0
CVE-2023-41963

Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
jtekt gc-a27-c_firmware *
jtekt gc-a22w-cw_firmware *
jtekt gc-a26_firmware *
jtekt gc-a28-c_firmware *
jtekt gc-a24w-c(w)_firmware *
jtekt gc-a26w-c(w)_firmware *
jtekt gc-a26-j2_firmware *
jtekt gc-a24-m_firmware *
jtekt gc-a24_firmware *
jtekt gc-a25_firmware *
CVE-2023-42506

Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt onsinview2 *
CVE-2023-42507

Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
jtekt onsinview2 *
CVE-2023-49140

Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
jtekt gc-a27-c_firmware *
jtekt gc-a22w-cw_firmware *
jtekt gc-a26_firmware *
jtekt gc-a28-c_firmware *
jtekt gc-a24w-c(w)_firmware *
jtekt gc-a26w-c(w)_firmware *
jtekt gc-a26-j2_firmware *
jtekt gc-a24-m_firmware *
jtekt gc-a24_firmware *
jtekt gc-a25_firmware *
CVE-2023-49143

Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
jtekt gc-a27-c_firmware *
jtekt gc-a22w-cw_firmware *
jtekt gc-a26_firmware *
jtekt gc-a28-c_firmware *
jtekt gc-a24w-c(w)_firmware *
jtekt gc-a26w-c(w)_firmware *
jtekt gc-a26-j2_firmware *
jtekt gc-a24-m_firmware *
jtekt gc-a24_firmware *
jtekt gc-a25_firmware *
CVE-2023-49713

Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
jtekt gc-a27-c_firmware *
jtekt gc-a22w-cw_firmware *
jtekt gc-a26_firmware *
jtekt gc-a28-c_firmware *
jtekt gc-a24w-c(w)_firmware *
jtekt gc-a26w-c(w)_firmware *
jtekt gc-a26-j2_firmware *
jtekt gc-a24-m_firmware *
jtekt gc-a24_firmware *
jtekt gc-a25_firmware *