CVE-2014-0769

critical

Published 2014-04-25 · Modified 2026-05-06

CVSS v3

—

CVSS v2

9.3

VIR risk

9.3

Description

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions	Fixed
softmotion3d	softmotion	`-`
3s-software	codesys_runtime_system	`-`

References

https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01

CWEs

CWE-287

Verify integrity in audit chain (admin only). AS-IS.