Sign in Get started

← All vendors

Vendor

Festo

Sign in to watch

Products

7

CVEs

6

Across products

22

Status

Private

Products

7

Controller Cecc X M1 Mv (8124923)
4 CVEs
Controller Cecc X M1 Mv S1 (8124924)
4 CVEs
Controller Cecc X M1 Ys L1 (8082793)
4 CVEs
Servo Press Kit Yjkp (8077950)
4 CVEs
Cecx X C1 Modular Master Controller
2 CVEs
Cecx X M1 Modular Controller
2 CVEs
Cecx X M1 Modular Controller With Codesys And Softmotion
2 CVEs

Recent CVEs

6

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2022-30311		0.00	—	0.01		Jun 13, 2022	In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVE-2022-30310		0.00	—	0.02		Jun 13, 2022	In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVE-2022-30309		0.00	—	0.01		Jun 13, 2022	In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVE-2022-30308		0.00	—	0.01		Jun 13, 2022	In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVE-2014-0769		0.00	—	0.01		Apr 25, 2014	The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
CVE-2014-0760		0.00	—	0.03		Apr 25, 2014	The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.