Incomplete Documentation of remote functions in FESTO products.
CVE-2022-3270

9.8CRITICAL

Key Information:

Vendor: Festo Se
Status: Bus Module Cpx-e-ep; Bus Node Cpx-fb32; Bus Node Cpx-fb33; Bus Node Cpx-fb36
Vendor: CVE Published:; 1 December 2022

What is CVE-2022-3270?

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.

Affected Version(s)

Bus module CPX-E-EP all

Bus module CPX-E-PN all

Bus node CPX-FB32 all

References

https://cert.vde.com/en/advisories/VDE-2022-041/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 1, 2022
Vulnerability Reserved
Sep 22, 2022

CVE-2022-3270 Data

JSON

Festo Se

What is CVE-2022-3270?

Affected Version(s)

References

CVSS V3.1

Timeline