VDE-2022-036
Last update
28.07.2025 12:00
Published at
20.09.2022 12:00
Vendor(s)
Festo SE & Co. KG
External ID
FSA-202207
Summary
Unauthenticated access to critical webpage functions (e.g. reboot) may cause a denial of service of the device.
Impact
CPX-CEC-C1 and CPX-CMXX allow unauthenticated access to critical webpage functions (e.g. reboot), which may cause a denial of service of the device.
Affected Product(s)
Model no. | Product name | Affected versions |
---|---|---|
CPX-CEC-C1 | Control block CPX-CEC-C1 | Firmware <=2.0.12 |
CPX-CMXX | Control block CPX-CMXX | Firmware <=1.2.34 rev.404 |
CPX-CEC-C1 | Control block-SET CPX-CEC-C1 | Firmware <=1.2.34 rev.404 |
Vulnerabilities
Published
22.09.2025 14:57
Severity
Weakness
Improper Privilege Management (CWE-269)
Summary
Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service.
References
Remediation
Currently no fix is planned.
Replace CPX-CEC-C1 with follow-up product CPX-CEC-C1-V3.
Replace CPX-CMXX with follow-up product CPX-CEC-M1-V3.
Revision History
Version | Date | Summary |
---|---|---|
1.0.0 | 20.09.2022 12:00 | Initial revision. |
1.1.0 | 19.10.2022 12:00 | Added Control block-Set CPX-CEC-C1 and Control block-SET CPX-CMXX to affected products. |
1.1.1 | 11.01.2024 11:00 | Adjust link to VDE Advisory |
1.1.2 | 28.07.2025 12:00 | Adjusted to VDE template. Change title from 'CPX-CEC-C1 and CPX-CMXX, Missing Authentication for Critical Webpage Function' to 'Festo: CPX-CEC-C1 and CPX-CMXX, Missing Authentication for Critical Webpage Function'. Updated legal disclaimer to add references to special provisions. Remediations were consolidated into one. |