Lucene search
K

8 matches found

ICS
ICS
added 2014/12/26 7:0 a.m.73 views

Festo CECX-X-(C1/M1) Controller Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on March 25, 2014, and is now being released to the NCCIC/ICS-CERT web site. K. Reid Wightman of IOActive, Inc. has identified vulnerabilities in Festo’s CECX-X-C1 and CECX-X-M1 controllers. Festo has decided not to...

9.3CVSS7.9AI score0.0315EPSS
Exploits0References10
NVD
NVD
added 2014/04/25 5:12 a.m.23 views

CVE-2014-0769

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to 1 modify the configuration via a request to the debug service on port 4000 o...

9.3CVSS6.9AI score0.02054EPSS
Exploits0References2
NVD
NVD
added 2014/04/25 5:12 a.m.20 views

CVE-2014-0760

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service application crash vi...

9.3CVSS7.9AI score0.0315EPSS
Exploits0References2
Prion
Prion
added 2014/04/25 5:12 a.m.15 views

Design/Logic Flaw

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via...

9.3CVSS8.4AI score0.0315EPSS
Exploits0References1
Prion
Prion
added 2014/04/25 5:12 a.m.18 views

Authentication flaw

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to 1 modify the configuration via a request to the debug service on port 4000 o...

9.3CVSS7.5AI score0.02054EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/04/25 1:0 a.m.25 views

CVE-2014-0760 Festo CECX-X-(C1/M1) Controller Improper Authentication

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service application crash vi...

9.3CVSS7.9AI score0.0315EPSS
Exploits0References1
CVE
CVE
added 2014/04/25 1:0 a.m.61 views

CVE-2014-0760

CVE-2014-0760 affects Festo CECX-X-C1 and CECX-X-M1 controllers (CoDeSys/SoftMotion). The issue is an undocumented FTP access path that allows remote attackers to execute arbitrary code or trigger a denial of service via unspecified vectors. Public exploitation is noted in ICS-CERT advisories; mu...

9.3CVSS7.8AI score0.0315EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2014/04/25 1:0 a.m.72 views

CVE-2014-0769

Vulnerability CVE-2014-0769 affects Festo CECX-X-C1 and CECX-X-M1 controllers (CoDeSys/SoftMotion). The issue is improper authentication (CWE-287): unauthenticated access to TCP ports 4000 (debug) and 4001 (log) allows remote attackers to modify configuration or delete log entries. Public advisor...

9.3CVSS7.2AI score0.02054EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder