CVE-2014-0760

critical

Published 2014-04-25 · Modified 2026-05-06

CVSS v3

—

CVSS v2

9.3

VIR risk

9.3

Description

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions	Fixed
3s-software	codesys_runtime_system	`-`
softmotion3d	softmotion	`-`

References

https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01

CWEs

CWE-287

Verify integrity in audit chain (admin only). AS-IS.