VYPR
Vendor

Festo

Products
13
CVEs
9
Across products
28
Status
Private

Products

13

Recent CVEs

9
  • CVE-2023-3634HigApr 16, 2026
    risk 0.57cvss 8.8epss 0.01

    In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability.

  • CVE-2022-3270Dec 1, 2022
    risk 0.00cvss epss 0.01

    In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.

  • CVE-2022-3079Sep 20, 2022
    risk 0.00cvss epss 0.01

    Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service.

  • CVE-2022-30311Jun 13, 2022
    risk 0.00cvss epss 0.03

    In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command…

  • CVE-2022-30310Jun 13, 2022
    risk 0.00cvss epss 0.02

    In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command…

  • CVE-2022-30309Jun 13, 2022
    risk 0.00cvss epss 0.03

    In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control…

  • CVE-2022-30308Jun 13, 2022
    risk 0.00cvss epss 0.03

    In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control…

  • CVE-2014-0769Apr 25, 2014
    risk 0.00cvss epss 0.02

    The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug…

  • CVE-2014-0760Apr 25, 2014
    risk 0.00cvss epss 0.03

    The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service…