CVE-2014-0769
Festo CECX-X-C1/M1 CoDeSys/SoftMotion - Unauthenticated Config Mod & Log Deletion
Title source: llmDescription
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
References (2)
Core 2
Core References
US Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01
Scores
EPSS
0.0205
EPSS Percentile
78.9%
Details
CWE
CWE-287
Status
published
Products (6)
3s-software/codesys_runtime_system
Festo/CECX-X-C1 Modular Master Controller with CoDeSys
all
festo/cecx-x-c1_modular_master_controller
Festo/CECX-X-M1 Modular Controller with CoDeSys and SoftMotion
all
festo/cecx-x-m1_modular_controller
softmotion3d/softmotion
Published
Apr 25, 2014
Tracked Since
Feb 18, 2026