CVE-2014-0769

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
References
Link Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01 US Government Resource
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:softmotion3d:softmotion:-:*:*:*:*:*:*:*
cpe:2.3:h:festo:cecx-x-m1_modular_controller:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:3s-software:codesys_runtime_system:-:*:*:*:*:*:*:*
cpe:2.3:h:festo:cecx-x-c1_modular_master_controller:-:*:*:*:*:*:*:*

Information

Published : 2014-04-24 22:12

Updated : 2014-04-25 06:58


NVD link : CVE-2014-0769

Mitre link : CVE-2014-0769


JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

3s-software

  • codesys_runtime_system

festo

  • cecx-x-c1_modular_master_controller
  • cecx-x-m1_modular_controller

softmotion3d

  • softmotion