// For flags

CVE-2022-3079

Festo: CPX-CEC-C1 and CMXX, Missing Authentication for Critical Webpage Function

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service.

El bloque de control de Festo CPX-CEC-C1 y CPX-CMXX en varias versiones, permite el acceso remoto no autenticado a funciones críticas de la página web que pueden causar una denegación de servicio

*Credits: Daniel dos Santos and Rob Hulsebos from Forescout reported to Festo
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-09-01 CVE Reserved
  • 2022-09-20 CVE Published
  • 2024-04-12 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-269: Improper Privilege Management
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Festo
Search vendor "Festo"
Cpx-cmxx Firmware
Search vendor "Festo" for product "Cpx-cmxx Firmware"
<= 2.0.12
Search vendor "Festo" for product "Cpx-cmxx Firmware" and version " <= 2.0.12"
-
Affected
in Festo
Search vendor "Festo"
Cpx-cmxx
Search vendor "Festo" for product "Cpx-cmxx"
--
Safe
Festo
Search vendor "Festo"
Cpx-cec-c1 Firmware
Search vendor "Festo" for product "Cpx-cec-c1 Firmware"
<= 1.2.34
Search vendor "Festo" for product "Cpx-cec-c1 Firmware" and version " <= 1.2.34"
-
Affected
in Festo
Search vendor "Festo"
Cpx-cec-c1
Search vendor "Festo" for product "Cpx-cec-c1"
--
Safe