Authentication Bypass in Festo Modular Controllers
CVE-2014-0769

Currently unrated

Key Information:

Vendor: Festo
Status: Cecx-x-c1 Modular Master Controller With Codesys; Cecx-x-m1 Modular Controller With Codesys And Softmotion
Vendor: CVE Published:; 25 April 2014

What is CVE-2014-0769?

The Festo CECX-X-C1 and CECX-X-M1 Modular Controllers contain a vulnerability that permits remote attackers to connect without authentication to specific TCP ports. This allows potential manipulation of the device’s configuration and unauthorized deletion of log entries through access to the debug and log services. Such flaws can significantly compromise the integrity and reliability of industrial control systems, making it imperative for users to take immediate action to secure these devices.

Affected Version(s)

CECX-X-C1 Modular Master Controller with CoDeSys all

CECX-X-M1 Modular Controller with CoDeSys and SoftMotion all

References

https://www.cisa.gov/news-events/ics-advisories/icsa-14-0...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2014
Vulnerability Reserved
Jan 2, 2014

CVE-2014-0769 Data

JSON