CVE-2014-0769CVE-2014-0769

Affected configuration(s):

cpe:/a:3s-software:codesys_runtime_system:-
cpe:/a:softmotion3d:softmotion:-
cpe:/h:festo:cecx-x-c1_modular_master_controller:-
cpe:/h:festo:cecx-x-m1_modular_controller:-

Date published: 2014-04-25T01:12:07.753-04:00

Date last modified: 2014-04-25T09:58:09.157-04:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01

Summary: The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.