Vulnerability Description
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 3S-Software | Codesys Runtime System | - |
| Festo | Cecx-X-C1 Modular Master Controller | - |
| Softmotion3D | Softmotion | - |
| Festo | Cecx-X-M1 Modular Controller | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01
- http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01US Government Resource
FAQ
What is CVE-2014-0760?
CVE-2014-0760 is a vulnerability with a CVSS score of 9.3 (HIGH). The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could ...
How severe is CVE-2014-0760?
CVE-2014-0760 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0760?
Check the references section above for vendor advisories and patch information. Affected products include: 3S-Software Codesys Runtime System, Festo Cecx-X-C1 Modular Master Controller, Softmotion3D Softmotion, Festo Cecx-X-M1 Modular Controller.