Vulnerabilities > Festo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-01 | CVE-2022-3270 | Unspecified vulnerability in Festo products In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. | 9.8 |
2022-06-13 | CVE-2022-30308 | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. | 9.8 |
2022-06-13 | CVE-2022-30309 | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. | 9.8 |
2022-06-13 | CVE-2022-30310 | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. | 9.8 |
2022-06-13 | CVE-2022-30311 | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. | 9.8 |
2014-04-25 | CVE-2014-0769 | Improper Authentication vulnerability in multiple products The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001. | 9.3 |
2014-04-25 | CVE-2014-0760 | Improper Authentication vulnerability in multiple products The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 9.3 |