← voltar
CVE-2014-0769

Festo CECX-X-(C1/M1) Controller Improper Authentication

CVSS 9.3 EPSS 2.1%CWE-287
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
AV:N/AC:M/Au:N/C:C/I:C/A:C
Produtos afetados
Festo · CECX-X-C1 Modular Master Controller with CoDeSysFesto · CECX-X-M1 Modular Controller with CoDeSys and SoftMotion

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01