HIGH🇵🇱 Wersja polska

CVE-2014-0769

CVSS 9.3v2.0pub. 2014-04-25upd. 2026-05-06

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.

CVSS Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
  • 3s Software Codesys Runtime System

    APP
    3S-Software
    wszystkie wersje
  • Festo Cecx X C1 Modular Master Controller

    HW
    Festo
    wszystkie wersje
  • Festo Cecx X M1 Modular Controller

    HW
    Festo
    wszystkie wersje
  • Softmotion3d Softmotion

    APP
    Softmotion3D
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2022-3270CRITICAL9.8ten sam produkt

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protoc...

CVE-2018-5440CRITICAL9.8ten sam produkt

A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft...

CVE-2012-6068CRITICAL9.8ten sam produkt

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows re...

CVE-2012-6069CRITICAL10.0ten sam produkt

The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an ...

CVE-2014-0760HIGH9.3ten sam produkt

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and ...