CVSS: 10.0EPSS: 0%CPEs: 198EXPL: 0CVE-2022-3270 – Incomplete Documentation of remote functions in FESTO products.
https://notcve.org/view.php?id=CVE-2022-3270
01 Dec 2022 — In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. En muchos productos de Festo, un atacante remoto no autenticado podría utilizar funciones de un protocolo no documentado, lo que podría provocar una pérdida total de confidencialidad, integridad y disponibilidad. In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented ... • https://cert.vde.com/en/advisories/VDE-2022-041 • CWE-1059: Insufficient Technical Documentation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-3079 – Festo: CPX-CEC-C1 and CMXX, Missing Authentication for Critical Webpage Function
https://notcve.org/view.php?id=CVE-2022-3079
20 Sep 2022 — Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service. El bloque de control de Festo CPX-CEC-C1 y CPX-CMXX en varias versiones, permite el acceso remoto no autenticado a funciones críticas de la página web que pueden causar una denegación de servicio • https://cert.vde.com/en/advisories/VDE-2022-036 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 0CVE-2022-30311 – FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
https://notcve.org/view.php?id=CVE-2022-30311
13 Jun 2022 — In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. En la familia de productos CECC-X-M1 de Festo en varias versiones, la petición POST del endpoint http "cecc-x-refresh-request" no comprueba la sintaxis del puerto. Esto puede resultar en una ejecución no autorizada de comandos... • https://cert.vde.com/en/advisories/VDE-2022-020 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 1%CPEs: 19EXPL: 0CVE-2022-30310 – FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
https://notcve.org/view.php?id=CVE-2022-30310
13 Jun 2022 — In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. En la familia de productos CECC-X-M1 de Festo en varias versiones, la petición POST del endpoint http "cecc-x-acknerr-request" no comprueba la sintaxis del puerto. Esto puede resultar en una ejecución no autorizada de comandos... • https://cert.vde.com/en/advisories/VDE-2022-020 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 0CVE-2022-30309 – FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
https://notcve.org/view.php?id=CVE-2022-30309
13 Jun 2022 — In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. En la familia de productos CECC-X-M1 de Festo en varias versiones, la petición POST del endpoint http "cecc-x-web-viewer-request-off" no comprueba la sintaxis del puerto. Esto puede resultar en una ejecución no autoriza... • https://cert.vde.com/en/advisories/VDE-2022-020 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 0CVE-2022-30308 – FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
https://notcve.org/view.php?id=CVE-2022-30308
13 Jun 2022 — In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. En la familia de productos CECC-X-M1 de Festo en varias versiones, la petición POST del endpoint http "cecc-x-web-viewer-request-on" no comprueba la sintaxis del puerto. Esto puede resultar en la ejecución no autorizada ... • https://cert.vde.com/en/advisories/VDE-2022-020 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2014-0760
https://notcve.org/view.php?id=CVE-2014-0760
25 Apr 2014 — The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Festo CECX-X-C1 Modular Master Controller con CoDeSys y CECX-X-M1 Modular Controller con CoDeSys y SoftMotion proporcionan un método de acceso no documentado involucrando el protocolo FTP, lo que ... • http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-0769
https://notcve.org/view.php?id=CVE-2014-0769
25 Apr 2014 — The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001. Festo CECX-X-C1 Modular Master Controller con CoDeSys y CECX-X-M1 Modular Controller con CoDeSys y SoftMotion no requieren autenticación para... • http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01 • CWE-287: Improper Authentication •