MidnightBSD

Advisories for festo

CVE-2014-0760 HIGH

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
3s-software codesys_runtime_system -
softmotion3d softmotion -
festo cecx-x-m1_modular_controller -
festo cecx-x-c1_modular_master_controller -
CVE-2014-0769 HIGH

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
3s-software codesys_runtime_system -
softmotion3d softmotion -
festo cecx-x-m1_modular_controller -
festo cecx-x-c1_modular_master_controller -
CVE-2020-12069

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device.

Products Affected

Vendor Product Version
wago 762-4302/8000-002_firmware *
wago 750-8215_firmware *
wago 762-6203/8000-001_firmware *
festo controller_cecc-d_firmware 2.3.8.1
wago 762-5303/8000-002_firmware *
pilz pmc *
codesys control_for_plcnext *
wago 750-8102_firmware *
wago 750-8214_firmware *
wago 762-4301/8000-002_firmware *
wago 750-8213_firmware *
wago 762-5205/8000-001_firmware *
wago 750-8210_firmware *
festo controller_cecc-s_firmware 2.3.8.0
wago 750-8204_firmware *
wago 750-8217_firmware -
codesys control_for_pfc100 *
codesys control_for_raspberry_pi *
wago 762-4206/8000-001_firmware *
wago 750-8203_firmware *
wago 750-8206_firmware *
codesys control_for_empc-a/imx6 *
wago 762-4201/8000-001_firmware *
wago 762-4205/8000-001_firmware *
festo controller_cecc-s_firmware 2.3.8.1
wago 750-8216_firmware *
wago 750-8212_firmware *
codesys control_win_v3 *
wago 762-4304/8000-002_firmware *
codesys v3_simulation_runtime *
wago 750-8211_firmware *
wago 762-4203/8000-001_firmware *
wago 762-4204/8000-001_firmware *
codesys control_for_iot2000 *
wago 762-5306/8000-002_firmware *
festo controller_cecc-lk_firmware 2.3.8.0
wago 750-8101_firmware *
wago 762-6301/8000-002_firmware *
wago 762-6204/8000-001_firmware *
codesys hmi_v3 *
codesys control_rte_v3 *
wago 762-5305/8000-002_firmware *
wago 762-6201/8000-001_firmware *
wago 750-8100_firmware *
wago 762-5304/8000-002_firmware *
codesys control_for_beaglebone *
wago 762-4303/8000-002_firmware *
wago 762-4205/8000-002_firmware *
wago 762-5203/8000-001_firmware *
wago 762-6304/8000-002_firmware *
wago 750-8207_firmware *
festo controller_cecc-lk_firmware 2.3.8.1
wago 762-5204/8000-001_firmware *
wago 762-6302/8000-002_firmware *
wago 762-5206/8000-001_firmware *
wago 762-4202/8000-001_firmware *
codesys control_v3_runtime_system_toolkit *
festo controller_cecc-d_firmware 2.3.8.0
wago 762-4206/8000-002_firmware *
wago 762-6202/8000-001_firmware *
codesys control_for_linux *
wago 762-4305/8000-002_firmware *
wago 750-8202_firmware *
wago 762-4306/8000-002_firmware *
wago 752-8303/8000-0002_firmware *
codesys control_for_pfc200 *
wago 762-6303/8000-002_firmware *
CVE-2022-30308 HIGH

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-863,CWE-78,CWE-863,

Products Affected

Vendor Product Version
festo controller_cecc-x-m1_firmware 4.0.14
festo controller_cecc-x-m1-mv-s1_firmware 4.0.14
festo controller_cecc-x-m1-mv_firmware 4.0.14
festo controller_cecc-x-m1_firmware *
festo servo_press_kit_yjkp_firmware *
festo controller_cecc-x-m1-ys-l1_firmware *
festo controller_cecc-x-m1-mv_firmware *
festo controller_cecc-x-m1-ys-l2_firmware *
festo controller_cecc-x-m1-y-yjkp_firmware *
festo controller_cecc-x-m1-mv-s1_firmware *
festo servo_press_kit_yjkp-_firmware *
CVE-2022-30309 HIGH

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-863,CWE-78,CWE-863,

Products Affected

Vendor Product Version
festo controller_cecc-x-m1_firmware 4.0.14
festo controller_cecc-x-m1-mv-s1_firmware 4.0.14
festo controller_cecc-x-m1-mv_firmware 4.0.14
festo controller_cecc-x-m1_firmware *
festo servo_press_kit_yjkp_firmware *
festo controller_cecc-x-m1-ys-l1_firmware *
festo controller_cecc-x-m1-mv_firmware *
festo controller_cecc-x-m1-ys-l2_firmware *
festo controller_cecc-x-m1-y-yjkp_firmware *
festo controller_cecc-x-m1-mv-s1_firmware *
festo servo_press_kit_yjkp-_firmware *
CVE-2022-30310 HIGH

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-863,CWE-78,CWE-863,

Products Affected

Vendor Product Version
festo controller_cecc-x-m1_firmware 4.0.14
festo controller_cecc-x-m1-mv-s1_firmware 4.0.14
festo controller_cecc-x-m1-mv_firmware 4.0.14
festo controller_cecc-x-m1_firmware *
festo servo_press_kit_yjkp_firmware *
festo controller_cecc-x-m1-ys-l1_firmware *
festo controller_cecc-x-m1-mv_firmware *
festo controller_cecc-x-m1-ys-l2_firmware *
festo controller_cecc-x-m1-y-yjkp_firmware *
festo controller_cecc-x-m1-mv-s1_firmware *
festo servo_press_kit_yjkp-_firmware *
CVE-2022-30311 HIGH

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-863,CWE-78,CWE-863,

Products Affected

Vendor Product Version
festo controller_cecc-x-m1_firmware 4.0.14
festo controller_cecc-x-m1-mv-s1_firmware 4.0.14
festo controller_cecc-x-m1-mv_firmware 4.0.14
festo controller_cecc-x-m1_firmware *
festo servo_press_kit_yjkp_firmware *
festo controller_cecc-x-m1-ys-l1_firmware *
festo controller_cecc-x-m1-mv_firmware *
festo controller_cecc-x-m1-ys-l2_firmware *
festo controller_cecc-x-m1-y-yjkp_firmware *
festo controller_cecc-x-m1-mv-s1_firmware *
festo servo_press_kit_yjkp-_firmware *
CVE-2022-3079

Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
festo cpx-cec-c1_firmware *
festo cpx-cmxx_firmware *
CVE-2022-3270

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.

Products Affected

Vendor Product Version
festo cecx-x-m1_modular_controller_firmware -
festo servo_cmmt-as-c2-11a-p3-pn-s1_firmware -
festo cecx-x-c1_modular_master_controller_firmware -
festo controller_cecc-x-m1-ys-l2_firmware -
festo servo_cmmt-as-c4-3a-ec-s1_firmware -
festo controller_cecc-x-m1_firmware -
festo servo_cmmt-as-c5-11a-p3-ep-s1_firmware -
festo vtem-s1-c_firmware -
festo compact_vision_system_sboi-q_firmware -
festo control_block_cpx-cec-c1_firmware -
festo planar_surface_gantry_excm-30_firmware -
festo motor_controller_cmmo-st-c5-1-lkp_firmware -
festo gateway_cpx-iot_firmware -
festo controller_cecc-s_firmware -
festo controller_cecc-d_firmware -
festo controller_cecc-x-m1-mv_firmware -
festo operator_unit_cdpx-x-a-w-7_firmware -
festo operator_unit_cdpx-x-a-w-13_firmware -
festo compact_vision_system_sboi-m_firmware -
festo servo_cmmt-as-c7-11a-p3-ep-s1_firmware -
festo control_block_cpx-cec-m1_firmware -
festo servo_cmmt-as-c5-11a-p3-pn-s1_firmware -
festo bus_node_cteu-ep_firmware -
festo motor_controller_cmmp-as-c5-11a-p3-m3_firmware -
festo servo_cmmt-as-c7-11a-p3-ec-s1_firmware -
festo integrated_drive_emca-ec-67-m-1te-ep_firmware -
festo compact_vision_system_sboc-q_firmware -
festo vtem-s1-27_firmware -
festo bus_node_cpx-fb33_firmware -
festo ethernet/ip_interface_cpx-ap-i-pn-m12_firmware -
festo servo_cmmt-as-c2-3a-pn-s1_firmware -
festo operator_unit_cdpx-x-a-s-10_firmware -
festo controller_cecc-lk_firmware -
festo planar_surface_gantry_excm-40_firmware -
festo bus_node_cpx-m-fb35_firmware -
festo integrated_drive_emca-ec-67_firmware -
festo motor_controller_cmmp-as-c2-3a-m0_firmware -
festo bus_node_cteu-pn-ex1c_firmware -
festo compact_vision_system_sboc-m_firmware -
festo motor_controller_cmmp-as-c5-3a-m3_firmware -
festo servo_cmmt-as-c2-3a-mp-s1_firmware -
festo servo_cmmt-as-c4-3a-mp-s1_firmware -
festo control_block_cpx-cec-c1-v3_firmware -
festo bus_node_cpx-fb37_firmware -
festo bus_node_cpx-fb32_firmware -
festo control_block_cpx-fec-1-ie_firmware -
festo motor_controller_cmmp-as-c5-3a-m0_firmware -
festo controller_cecc-x-m1-mv-s1_firmware -
festo ethernet/ip_interface_cpx-ap-i-ep-m12_firmware -
festo servo_cmmt-as-c4-3a-ep-s1_firmware -
festo bus_node_cpx-fb39_firmware -
festo motor_controller_cmmp-as-c15-11a-p3-m3_firmware -
festo camera_system_chb-c-n_firmware -
festo control_block_cpx-cmxx_firmware -
festo servo_cmmt-as-c2-11a-p3-mp-s1_firmware -
festo servo_cmmt-as-c7-11a-p3-pn-s1_firmware -
festo servo_cmmt-as-c4-3a-pn-s1_firmware -
festo motor_controller_cmmp-as-c10-11a-p3-m3_firmware -
festo control_block_cpx-cec-m1-v3_firmware -
festo servo_cmmt-as-c7-11a-p3-mp-s1_firmware -
festo servo_cmmt-as-c5-11a-p3-ec-s1_firmware -
festo servo_drive_cmmt-st-c8-1c-ep-s0_firmware -
festo bus_node_cpx-fb43_firmware -
festo servo_cmmt-as-c12-11a-p3-pn-s1_firmware -
festo motor_controller_cmmo-st-c5-1-diop_firmware -
festo servo_cmmt-as-c3-11a-p3-mp-s1_firmware -
festo bus_module_cpx-e-ep_firmware -
festo bus_node_cpx-fb36_firmware -
festo servo_cmmt-as-c12-11a-p3-ep-s1_firmware -
festo servo_cmmt-as-c3-11a-p3-ep-s1_firmware -
festo motor_controller_cmmo-st-c5-1-dion_firmware -
festo controller_cecc-x-m1-ys-l1_firmware -
festo servo_cmmt-as-c12-11a-p3-ec-s1_firmware -
festo compact_vision_system_sboi-c_firmware -
festo servo_cmmt-as-c2-11a-p3-ec-s1_firmware -
festo servo_cmmt-as-c2-11a-p3-ep-s1_firmware -
festo control_block_cpx-cec-s1-v3_firmware -
festo servo_cmmt-as-c3-11a-p3-pn-s1_firmware -
festo servo_cmmt-as-c2-3a-ep-s1_firmware -
festo compact_vision_system_sboc-c_firmware -
festo servo_cmmt-as-c5-11a-p3-mp-s1_firmware -
festo servo_drive_cmmt-st-c8-1c-pn-s0_firmware -
festo servo_cmmt-as-c3-11a-p3-ec-s1_firmware -
festo control_block_cpx-cec_firmware -
festo bus_node_cteu-pn_firmware -
festo controller_sbrd-q_firmware -
festo bus_node_cpx-m-fb34_firmware -
festo operator_unit_cdpx-x-a-w-4_firmware -
festo servo_cmmt-as-c2-3a-ec-s1_firmware -
festo bus_node_cpx-fb40_firmware -
festo bus_node_cpx-m-fb44_firmware -
festo controller_cmxh-st2-c5-7-diop_firmware -
festo motor_controller_cmmp-as-c5-11a-p3-m0_firmware -
festo servo_cmmt-as-c12-11a-p3-mp-s1_firmware -
festo controller_cecc-d-ba_firmware -
festo motor_controller_cmmp-as-c2-3a-m3_firmware -
festo motor_controller_cmmp-as-c10-11a-p3-m0_firmware -
festo controller_cecc-x-m1-y-yjkp_firmware -
festo bus_node_cpx-m-fb45_firmware -