CVE-2014-0769

Softmotion - Authentication Bypass

Title source: rule

Description

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.

References (2)

[US Government Resource] http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01

Scores

EPSS 0.0056

EPSS Percentile 67.9%

Classification

CWE

CWE-287

Status draft

Affected Products (4)

softmotion3d/softmotion

festo/cecx-x-m1_modular_controller

3s-software/codesys_runtime_system

festo/cecx-x-c1_modular_master_controller

Timeline

Published Apr 25, 2014

Tracked Since Feb 18, 2026