Advisories

Für CVSS 2.0, 3.0 und 3.2
VDE-2022-022
Aug. 26, 2025, 12:00 nachm.

Festo: Controller CECC-S,LK,D family <= 2.3.8.1 - multiple vulnerabilities in CODESYS V3 runtime system

The Festo controller CECC product family is affected by multiple vulnerabilities in the CODESYS V3 runtime.
CVE-2020-10245
CVE-2021-33485
CVE-2018-10612
CVE-2019-9010
CVE-2019-13548
CVE-2019-18858
CVE-2019-9013
CVE-2019-9008
CVE-2022-22515
CVE-2020-12069
CVE-2022-22517
CVE-2021-36764
CVE-2020-12067
CVE-2020-15806
CVE-2021-36763
CVE-2022-22519
CVE-2021-29241
CVE-2019-5105
CVE-2018-20025
CVE-2018-20026
CVE-2019-13532
CVE-2019-9012
CVE-2019-9009
CVE-2021-29242
CVE-2022-22514
CVE-2022-22513
CVE-2020-12068
CVE-2018-0739
CVE-2020-7052
CVE-2019-13542
CVE-2017-3735
CVE-2019-9011
CVE-2010-5250
VDE-2022-027
Juli 10, 2025, 12:00 nachm.

Festo: Controller CECC-S,LK,D family firmware 2.4.2.0 - multiple vulnerabilities in CODESYS V3 runtime system

The Festo controller CECC product family in firmware version 2.4.2.0 is affected by multiple vulnerabilities in the CODESYS V3 runtime.
CVE-2020-10245
CVE-2021-33485
CVE-2019-9013
CVE-2022-22515
CVE-2020-12069
CVE-2022-22517
CVE-2021-36764
CVE-2020-12067
CVE-2020-15806
CVE-2021-36763
CVE-2022-22519
CVE-2021-29241
CVE-2019-5105
CVE-2021-29242
CVE-2022-22514
CVE-2022-22513
CVE-2020-12068
CVE-2019-9011
VDE-2022-020
Juni 23, 2025, 10:00 vorm.

Festo: CECC-X-M1 - command injection vulnerabilities

The Festo controller CECC-X-M1 product family in multiple versions are affected by a preauthentication command injection vulnerability. Update A, 2022-07-05 Remediation has been updated. Fixed firmwares are now available.
CVE-2022-30308
CVE-2022-30309
CVE-2022-30310
CVE-2022-30311
VDE-2021-045
Aug. 26, 2025, 12:00 nachm.

Festo: Multiple vulnerabilities in Ethernet/IP Stack of SBRD-Q/SBOC-Q/SBOI-Q

The affected product families are cameras SBOC/SBOI and the Controller SBRD. The vulnerabilities are located within the Ethernet IP Stack from EIPStackGroup OpENer Ethernet/IP.
CVE-2021-27478
CVE-2021-27498
CVE-2021-27500
CVE-2021-27482