The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
References
Link | Resource |
---|---|
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01 | US Government Resource |
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01 | US Government Resource |
Configurations
History
21 Nov 2024, 02:02
Type | Values Removed | Values Added |
---|---|---|
References | () http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01 - US Government Resource |
Information
Published : 2014-04-25 05:12
Updated : 2024-11-21 02:02
NVD link : CVE-2014-0769
Mitre link : CVE-2014-0769
CVE.ORG link : CVE-2014-0769
JSON object : View
Products Affected
softmotion3d
- softmotion
festo
- cecx-x-m1_modular_controller
- cecx-x-c1_modular_master_controller
3s-software
- codesys_runtime_system
CWE
CWE-287
Improper Authentication