HIGH🇬🇧 English

CVE-2014-0760

CVSS 9.3v2.0pub. 2014-04-25upd. 2026-05-06

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

oryginał EN
CVSS Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
  • 3s Software Codesys Runtime System

    APP
    3S-Software
    wszystkie wersje
  • Festo Cecx X C1 Modular Master Controller

    HW
    Festo
    wszystkie wersje
  • Festo Cecx X M1 Modular Controller

    HW
    Festo
    wszystkie wersje
  • Softmotion3d Softmotion

    APP
    Softmotion3D
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDoSAuth Bypass
CWE
Referencje

Powiązane podatności

CVE-2022-3270CRITICAL9.8ten sam produkt

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protoc...

CVE-2018-5440CRITICAL9.8ten sam produkt

A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft...

CVE-2012-6068CRITICAL9.8ten sam produkt

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows re...

CVE-2012-6069CRITICAL10.0ten sam produkt

The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an ...

CVE-2014-0769HIGH9.3ten sam produkt

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and S...