Undocumented FTP Access Vulnerability in Festo CECX Modular Controllers
CVE-2014-0760

Currently unrated

Key Information:

Vendor: Festo
Status: Cecx-x-c1 Modular Master Controller With Codesys; Cecx-x-m1 Modular Controller With Codesys And Softmotion
Vendor: CVE Published:; 25 April 2014

What is CVE-2014-0760?

The Festo CECX-X-C1 Modular Master Controller and CECX-X-M1 Modular Controller expose an undocumented access method via the FTP protocol. This vulnerability allows unauthorized remote attackers to execute arbitrary code or cause application crashes through unspecified vectors, posing serious security risks to the integrity and availability of the systems.

Affected Version(s)

CECX-X-C1 Modular Master Controller with CoDeSys all

CECX-X-M1 Modular Controller with CoDeSys and SoftMotion all

References

https://www.cisa.gov/news-events/ics-advisories/icsa-14-0...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2014
Vulnerability Reserved
Jan 2, 2014

CVE-2014-0760 Data

JSON