CVE-2014-0760

2014-04-2505:12:07

CWE-287

[email protected]

web.nvd.nist.gov

festo

cecx-x-c1

cecx-x-m1

modular controllers

ftp

remote code execution

cve-2014-0760

codesys

softmotion

denial of service

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.1%

JSON

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Affected configurations

NVD

Node

3s-softwarecodesys_runtime_systemMatch-

AND

festocecx-x-c1_modular_master_controllerMatch-

Node

softmotion3dsoftmotionMatch-

AND

festocecx-x-m1_modular_controllerMatch-

CPENameOperatorVersion
3s-software:codesys_runtime_system3s-software codesys runtime systemeq-
festo:cecx-x-c1_modular_master_controllerfesto cecx-x-c1 modular master controllereq-

CPE	Name	Operator	Version
3s-software:codesys_runtime_system	3s-software codesys runtime system	eq	-
festo:cecx-x-c1_modular_master_controller	festo cecx-x-c1 modular master controller	eq	-