CVE-2014-0769 (GCVE-0-2014-0769)

Vulnerability from cvelistv5 – Published: 2014-04-25 01:00 – Updated: 2025-07-02 20:26
VLAI?
Summary
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Festo CECX-X-C1 Modular Master Controller with CoDeSys Affected: all
Create a notification for this product.
Credits
K. Reid Wightman of IOActive, Inc. has identified vulnerabilities in Festo’s CECX-X-C1 and CECX-X-M1 controllers.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:19.529Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CECX-X-C1 Modular Master Controller with CoDeSys",
          "vendor": "Festo",
          "versions": [
            {
              "status": "affected",
              "version": "all"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CECX-X-M1 Modular Controller with CoDeSys and SoftMotion",
          "vendor": "Festo",
          "versions": [
            {
              "status": "affected",
              "version": "all"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "K. Reid Wightman of IOActive, Inc. has identified vulnerabilities in Festo\u2019s CECX-X-C1 and CECX-X-M1 controllers."
        }
      ],
      "datePublic": "2014-04-24T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.\u003c/p\u003e"
            }
          ],
          "value": "The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-02T20:26:44.615Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01"
        }
      ],
      "source": {
        "advisory": "ICSA-14-084-01",
        "discovery": "EXTERNAL"
      },
      "title": "Festo CECX-X-(C1/M1) Controller Improper Authentication",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eFesto has decided not to resolve these vulnerabilities, placing \ncritical infrastructure asset owners using this product at risk. This \nadvisory is being published to alert critical infrastructure asset \nowners of the risk of using this equipment, and to increase compensating\n security measures if possible.\u0026nbsp;Some of these compensating measures can be:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize network exposure for all control system devices and/or \nsystems, and ensure that they are not accessible from the Internet.\u003c/li\u003e\n\u003cli\u003eLocate control system networks and remote devices behind firewalls, and isolate them from the business network.\u003c/li\u003e\n\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual \nPrivate Networks (VPNs), recognizing that VPNs may have vulnerabilities \nand should be updated to the most current version available. Also \nrecognize that VPN is only as secure as the connected devices.\u003c/li\u003e\n\u003cli\u003eInvestigate the practicality of configuring and deploying an \nintrusion detection system (IDS) to log and monitor the control system \nnetwork, as well as adjacent networks.\u003c/li\u003e\n\u003cli\u003eConfigure, activate, and test existing defenses, such as port \nsecurity and traffic logging, among other defensive strategies in the \nrecommended practices document listed below.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Festo has decided not to resolve these vulnerabilities, placing \ncritical infrastructure asset owners using this product at risk. This \nadvisory is being published to alert critical infrastructure asset \nowners of the risk of using this equipment, and to increase compensating\n security measures if possible.\u00a0Some of these compensating measures can be:\n\n\n\n  *  Minimize network exposure for all control system devices and/or \nsystems, and ensure that they are not accessible from the Internet.\n\n  *  Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n\n  *  When remote access is required, use secure methods, such as Virtual \nPrivate Networks (VPNs), recognizing that VPNs may have vulnerabilities \nand should be updated to the most current version available. Also \nrecognize that VPN is only as secure as the connected devices.\n\n  *  Investigate the practicality of configuring and deploying an \nintrusion detection system (IDS) to log and monitor the control system \nnetwork, as well as adjacent networks.\n\n  *  Configure, activate, and test existing defenses, such as port \nsecurity and traffic logging, among other defensive strategies in the \nrecommended practices document listed below."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-0769",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-0769",
    "datePublished": "2014-04-25T01:00:00",
    "dateReserved": "2014-01-02T00:00:00",
    "dateUpdated": "2025-07-02T20:26:44.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:softmotion3d:softmotion:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1A68669-AFEA-4D4A-A8B8-3D95137AEDAB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:festo:cecx-x-m1_modular_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6BC4C2-B93A-42A3-85A4-7161C769EE04\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:3s-software:codesys_runtime_system:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"846BA4EA-FA65-46B9-90B3-662E51F06B74\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:festo:cecx-x-c1_modular_master_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4428AC4-B79E-4DDC-8CB1-6F91F835945B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.\"}, {\"lang\": \"es\", \"value\": \"Festo CECX-X-C1 Modular Master Controller con CoDeSys y CECX-X-M1 Modular Controller con CoDeSys y SoftMotion no requieren autenticaci\\u00f3n para conexiones a puertos TCP, lo que permite a atacantes remotos (1) modificar la configuraci\\u00f3n a trav\\u00e9s de una solicitud hacia el servicio de depuraci\\u00f3n en puerto 4000 o (2) eliminar entradas de registro a trav\\u00e9s de una solicitud hacia el servicio de registro de puerto 4001.\"}]",
      "id": "CVE-2014-0769",
      "lastModified": "2024-11-21T02:02:46.637",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-04-25T05:12:07.753",
      "references": "[{\"url\": \"http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-0769\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2014-04-25T05:12:07.753\",\"lastModified\":\"2025-07-02T21:15:39.930\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.\"},{\"lang\":\"es\",\"value\":\"Festo CECX-X-C1 Modular Master Controller con CoDeSys y CECX-X-M1 Modular Controller con CoDeSys y SoftMotion no requieren autenticaci\u00f3n para conexiones a puertos TCP, lo que permite a atacantes remotos (1) modificar la configuraci\u00f3n a trav\u00e9s de una solicitud hacia el servicio de depuraci\u00f3n en puerto 4000 o (2) eliminar entradas de registro a trav\u00e9s de una solicitud hacia el servicio de registro de puerto 4001.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:softmotion3d:softmotion:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1A68669-AFEA-4D4A-A8B8-3D95137AEDAB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:festo:cecx-x-m1_modular_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6BC4C2-B93A-42A3-85A4-7161C769EE04\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:3s-software:codesys_runtime_system:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"846BA4EA-FA65-46B9-90B3-662E51F06B74\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:festo:cecx-x-c1_modular_master_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4428AC4-B79E-4DDC-8CB1-6F91F835945B\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.