The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
AV:N/AC:M/Au:N/C:C/I:C/A:C3s Software Codesys Runtime System
APP3S-Softwarewszystkie wersjeFesto Cecx X C1 Modular Master Controller
HWFestowszystkie wersjeFesto Cecx X M1 Modular Controller
HWFestowszystkie wersjeSoftmotion3d Softmotion
APPSoftmotion3Dwszystkie wersje
Related vulnerabilities
In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protoc...
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft...
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows re...
The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an ...
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and ...