CVE-2025-35021

By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections...

CVE-2025-35021

By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections...

CVE-2025-35021 Abilis CPX Fallback Shell Connection Relay

By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections...

CVE-2025-35021

Technical details for CVE-2025-35021 are not publicly provided in the supplied documents. No affected products, versions, impact, or remediation are specified here; monitor for official advisories for concrete information.

CVE-2025-35021 Abilis CPX Fallback Shell Connection Relay

By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections...

Abilis CPX 安全漏洞

Abilis CPX is a software platform for a range of, voice and data network management equipment from Abilis, Italy. A security vulnerability exists in Abilis CPX that originates from the ability to log into a restricted shell after three failed SSH authentication attempts, which could lead to a...

PT-2025-44807

Name of the Vulnerable Software and Affected Versions Abilis CPX affected versions not specified Description An attacker can gain access to a restricted shell on an unconfigured Abilis CPX device by repeatedly failing to authenticate via SSH. Specifically, after three unsuccessful authentication...

CISA Releases Ten Industrial Control Systems Advisories

CISA released ten Industrial Control Systems ICS advisories on September 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-273-01 MegaSys Enterprises Telenium Online Web Application ICSA-25-273-02 Festo...

Malicious code in makerspace-cpx-intro (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f001e9f23b801fb8c275858b50785d657d092aac3e06e694490e7e4b5dd0ae1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Festo Firmware

SUMMARY Incomplete Festo product documentation of remote accessible functions and their required IP ports. Depending on the product a description of the supported features can be found in the product documentation to some extent. Update A, 2022-12-13 Added affected device "Bus module CPX-E-PN,...

CVE-2022-3079

Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service...

CVE-2022-3079 Festo: CPX-CEC-C1 and CMXX, Missing Authentication for Critical Webpage Function

Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service...

CVE-2022-3079

CVE-2022-3079 affects Festo CPX-CEC-C1 and CPX-CMXX controllers across multiple versions. The vulnerability: unauthenticated, remote access to critical webpage functions (e.g., reboot) via the device’s web interface, potentially causing a denial of service. This is documented across multiple sour...

CVE-2022-3079 Festo: CPX-CEC-C1 and CMXX, Missing Authentication for Critical Webpage Function

Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service...

PT-2022-4837

Name of the Vulnerable Software and Affected Versions Festo control block CPX-CEC-C1 and CPX-CMXX versions affected versions not specified Description The issue is related to the lack of authentication for a critical function in the web interface of the Festo control block CPX-CEC-C1 and CPX-CMXX...

Festo CPX-FB36 Communications Adapter

Binary data 200.prm...

CVE-2018-9194

A plaintext recovery of encrypted messages or a Man-in-the-middle MiTM attack on RSA PKCS 1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used...

Information disclosure

A plaintext recovery of encrypted messages or a Man-in-the-middle MiTM attack on RSA PKCS 1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx bein...

CVE-2018-9194

CVE-2018-9194 relates to a plaintext recovery/MiTM vulnerability in RSA PKCS#1 v1.5 encryption exposed under Fortinet FortiOS VIP SSL when CPx is used, affecting FortiOS 5.4.6–5.4.9 and 6.0.0–6.0.1. The issue arises without knowledge of the server’s private key. Connected sources identify the vul...

CVE-2018-9194

A plaintext recovery of encrypted messages or a Man-in-the-middle MiTM attack on RSA PKCS 1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under VIP SSL feature when CPx being used...