CVE-2014-0769

Published: Apr 25, 2014Modified: May 6, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.

Affected (4)

Products: Softmotion3d: Softmotion · Festo: Cecx X M1 Modular Controller, Cecx X C1 Modular Master Controller · 3s Software: Codesys Runtime System

1 product

2 products

Cecx X M1 Modular Controller

Cecx X C1 Modular Master Controller

1 product

Codesys Runtime System

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Softmotion3d Softmotion	All versions
Festo Cecx X M1 Modular Controller	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
3s Software Codesys Runtime System	All versions
Festo Cecx X C1 Modular Master Controller	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01

Source: ics-cert@hq.dhs.gov

http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.