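This page aggregates CVE and security vulnerability information across Festo-related products, listing CVSS, EPSS, publication date, and vulnerability data.
Common weakness patterns include denial of service and command injection; in software deployment and production workload use cases, risks such as application crashes may arise.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.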
| CVE | Summary | Source | CVSS max | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-12069 | In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain full control of the device. | [email protected] | 7.8 | 0.16% | 2022-12-26 | 2026-06-17 |
| CVE-2022-3270 | In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. | [email protected] | 9.8 | 1.06% | 2022-12-01 | 2026-06-17 |
| CVE-2022-3079 | Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service. | [email protected] | 7.5 | 0.66% | 2022-09-20 | 2026-06-17 |
| CVE-2022-30311 | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | [email protected] | 9.8 | 2.76% | 2022-06-13 | 2026-06-17 |
| CVE-2022-30310 | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | [email protected] | 9.8 | 2.46% | 2022-06-13 | 2026-06-17 |
| CVE-2022-30309 | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | [email protected] | 9.8 | 3.00% | 2022-06-13 | 2026-06-17 |
| CVE-2022-30308 | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | [email protected] | 9.8 | 2.67% | 2022-06-13 | 2026-06-17 |
| CVE-2014-0769 | The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001. | [email protected] | 9.3 | 2.05% | 2014-04-25 | 2026-06-17 |
| CVE-2014-0760 | The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | [email protected] | 9.3 | 3.15% | 2014-04-25 | 2026-06-17 |