← voltar
CVE-2014-0760

Festo CECX-X-(C1/M1) Controller Improper Authentication

CVSS 9.3 EPSS 3.1%CWE-287
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
AV:N/AC:M/Au:N/C:C/I:C/A:C
Produtos afetados
Festo · CECX-X-C1 Modular Master Controller with CoDeSysFesto · CECX-X-M1 Modular Controller with CoDeSys and SoftMotion

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01