Vulnerabilities > Festo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-26 | CVE-2020-12069 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. | 7.8 |
| 2022-12-01 | CVE-2022-3270 | Unspecified vulnerability in Festo products In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. | 9.8 |
| 2022-06-13 | CVE-2022-30308 | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. | 9.8 |
| 2022-06-13 | CVE-2022-30309 | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. | 9.8 |
| 2022-06-13 | CVE-2022-30310 | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. | 9.8 |
| 2022-06-13 | CVE-2022-30311 | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. | 9.8 |
| 2014-04-25 | CVE-2014-0769 | Improper Authentication vulnerability in multiple products The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001. | 9.3 |
| 2014-04-25 | CVE-2014-0760 | Improper Authentication vulnerability in multiple products The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 9.3 |