CVE-2014-0760

Published: Apr 25, 2014Modified: May 6, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Affected (4)

Products: 3s Software: Codesys Runtime System · Festo: Cecx X C1 Modular Master Controller, Cecx X M1 Modular Controller · Softmotion3d: Softmotion

1 product

Codesys Runtime System

2 products

Cecx X C1 Modular Master Controller

Cecx X M1 Modular Controller

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
3s Software Codesys Runtime System	All versions
Festo Cecx X C1 Modular Master Controller	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Softmotion3d Softmotion	All versions
Festo Cecx X M1 Modular Controller	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01

Source: ics-cert@hq.dhs.gov

http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.