CVE-2014-0760

3s-software Codesys Runtime System - Authentication Bypass

Title source: rule

Description

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

References (2)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01

[US Government Resource] http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01

Scores

EPSS 0.0291

EPSS Percentile 86.2%

Classification

CWE

CWE-287

Status draft

Affected Products (4)

3s-software/codesys_runtime_system

festo/cecx-x-c1_modular_master_controller

softmotion3d/softmotion

festo/cecx-x-m1_modular_controller

Timeline

Published Apr 25, 2014

Tracked Since Feb 18, 2026