CVE-2022-3079
Festo: CPX-CEC-C1 and CMXX, Missing Authentication for Critical Webpage Function
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service.
El bloque de control de Festo CPX-CEC-C1 y CPX-CMXX en varias versiones, permite el acceso remoto no autenticado a funciones críticas de la página web que pueden causar una denegación de servicio
*Credits:
Daniel dos Santos and Rob Hulsebos from Forescout reported to Festo
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-09-01 CVE Reserved
- 2022-09-20 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://cert.vde.com/en/advisories/VDE-2022-036 | Mitigation |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Festo Search vendor "Festo" | Cpx-cmxx Firmware Search vendor "Festo" for product "Cpx-cmxx Firmware" | <= 2.0.12 Search vendor "Festo" for product "Cpx-cmxx Firmware" and version " <= 2.0.12" | - |
Affected
| in | Festo Search vendor "Festo" | Cpx-cmxx Search vendor "Festo" for product "Cpx-cmxx" | - | - |
Safe
|
| Festo Search vendor "Festo" | Cpx-cec-c1 Firmware Search vendor "Festo" for product "Cpx-cec-c1 Firmware" | <= 1.2.34 Search vendor "Festo" for product "Cpx-cec-c1 Firmware" and version " <= 1.2.34" | - |
Affected
| in | Festo Search vendor "Festo" | Cpx-cec-c1 Search vendor "Festo" for product "Cpx-cec-c1" | - | - |
Safe
|