1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/Low attack complexity
- Vendor: Festo
- Equipment: Compact Vision System, Control Block, Controller, and Operator Unit products
- Vulnerabilities: Exposure of Resource to Wrong Sphere, Initialization of a Resource with an Insecure Default
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in an attacker accessing devices without authentication or modifying configuration files.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Festo reports that the following products are affected:
- Festo Software Compact Vision System SBO-Q-: All Versions
- Festo Software Control block CPX-CEC-C1 Codesys V2: All Versions
- Festo Software Control block CPX-CEC-C1-V3 Codesys V3: All Versions
- Festo Software Control block CPX-CEC Codesys V2: All Versions
- Festo Software Control block CPX-CEC-M1 Codesys V2: All Versions
- Festo Software Control block CPX-CEC-M1-V3 Codesys V3: All Versions
- Festo Software Control block CPX-CEC-S1-V3 Codesys V3: All Versions
- Festo Software Control block CPX-CMXX: All Versions
- Festo Software Controller CECC-D: All Versions
- Festo Software Controller CECC-D-BA: All Versions
- Festo Software Controller CECC-D-CS: All Versions
- Festo Software Controller CECC-LK: All Versions
- Festo Software Controller CECC-S: All Versions
- Festo Software Controller CECC-X-M1: All Versions
- Festo Software Controller CECC-X-M1-MV: All Versions
- Festo Software Controller CECC-X-M1-S1: All Versions
- Festo Software Controller CECX-X-C1: All Versions
- Festo Software Controller CECX-X-M1: All Versions
- Festo Software Controller CPX-E-CEC-C1: All Versions
- Festo Software Controller CPX-E-CEC-C1-EP: All Versions
- Festo Software Controller CPX-E-CEC-C1-PN: All Versions
- Festo Software Controller CPX-E-CEC-M1: All Versions
- Festo Software Controller CPX-E-CEC-M1-EP: All Versions
- Festo Software Controller CPX-E-CEC-M1-P
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: