Vulnerabilities (CVE)

Filtered by vendor Festo Subscribe
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3270 1 Festo 198 Bus Module Cpx-e-ep, Bus Module Cpx-e-ep Firmware, Bus Node Cpx-fb32 and 195 more 2024-11-21 N/A 9.8 CRITICAL
In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.
CVE-2022-3079 1 Festo 4 Cpx-cec-c1, Cpx-cec-c1 Firmware, Cpx-cmxx and 1 more 2024-11-21 N/A 7.5 HIGH
Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service.
CVE-2022-30311 1 Festo 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVE-2022-30310 1 Festo 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVE-2022-30309 1 Festo 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVE-2022-30308 1 Festo 16 Controller Cecc-x-m1, Controller Cecc-x-m1-mv, Controller Cecc-x-m1-mv-s1 and 13 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVE-2020-12069 4 Codesys, Festo, Pilz and 1 more 114 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 111 more 2024-11-21 N/A 7.8 HIGH
In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.
CVE-2014-0769 3 3s-software, Festo, Softmotion3d 4 Codesys Runtime System, Cecx-x-c1 Modular Master Controller, Cecx-x-m1 Modular Controller and 1 more 2024-11-21 9.3 HIGH N/A
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
CVE-2014-0760 3 3s-software, Festo, Softmotion3d 4 Codesys Runtime System, Cecx-x-c1 Modular Master Controller, Cecx-x-m1 Modular Controller and 1 more 2024-11-21 9.3 HIGH N/A
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.