Lucene search

[email protected]CVE-2014-0769

HistoryApr 25, 2014 - 5:12 a.m.

CVE-2014-0769

2014-04-2505:12:07

CWE-287

[email protected]

web.nvd.nist.gov

festo

cecx-x-c1

cecx-x-m1

modular controllers

codesys

softmotion

authentication bypass

tcp ports

remote attack

configuration modification

log deletion

cve-2014-0769

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.6%

JSON

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.

Affected configurations

NVD

Node

softmotion3dsoftmotionMatch-

AND

festocecx-x-m1_modular_controllerMatch-

Node

3s-softwarecodesys_runtime_systemMatch-

AND

festocecx-x-c1_modular_master_controllerMatch-

CPENameOperatorVersion
softmotion3d:softmotionsoftmotion3d softmotioneq-
festo:cecx-x-m1_modular_controllerfesto cecx-x-m1 modular controllereq-

CPE	Name	Operator	Version
softmotion3d:softmotion	softmotion3d softmotion	eq	-
festo:cecx-x-m1_modular_controller	festo cecx-x-m1 modular controller	eq	-

References

ics-cert.us-cert.gov/advisories/ICSA-14-084-01

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.6%

JSON

Related for CVE-2014-0769

cvelist1 nessus1 prion1 nvd1 ics1