
Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions

VDE-2023-020
Last update: 10/01/2025 12:00
Published at: 09/05/2023 12:00
Vendor(s): Festo SE & Co. KG
External ID: FSA-202304

Summary

The user documentation is incomplete: it omits an authenticated test mode and further remotely accessible functions.
The supported features may be covered only partly by the corresponding user documentation.

Festo developed the products according to the respective state of the art. As a result, the protocols used no longer fully meet today's security requirements.
The products are designed and developed for use in sealed-off (industrial) networks.
If the network is not adequately sealed off, unauthorized access to the product can cause damage or malfunctions, particularly Denial of Service (DoS) or loss of integrity.

Impact

In products of the Festo MSE6 product family, a remote authenticated attacker could use functions of an undocumented test mode, which could lead to a complete loss of confidentiality, integrity and availability.

Affected Product(s)

Model no.  Product name                                 Affected versions
8169406    MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L4-AGD      vers:all/*
8157913    MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L5-AGD      vers:all/*
8169407    MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L4-MQ1-AGD  vers:all/*
8157912    MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L5-MQ1-AGD  vers:all/*
8157908    MSE6-C2M-5000-FB44-D-M-RG-BAR-AMI-AGD        vers:all/*
8157909    MSE6-C2M-5000-FB44-D-RG-BAR-AMI-AGD          vers:all/*
8085453    MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD          vers:all/*
2465321    MSE6-E2M-5000-FB13-AGD                       vers:all/*
3990296    MSE6-E2M-5000-FB36-AGD                       vers:all/*
3992150    MSE6-E2M-5000-FB37-AGD                       vers:all/*
8157910    MSE6-E2M-5000-FB43-AGD                       vers:all/*
8157911    MSE6-E2M-5000-FB44-AGD                       vers:all/*

Vulnerabilities


Published: 10/06/2025 14:04
Weakness: Hidden Functionality (CWE-912)
Summary

In products of the Festo MSE6 product family, a remote, authenticated, low-privileged attacker could use functions of an undocumented test mode, which could lead to a complete loss of confidentiality, integrity and availability.

References

Remediation

Update of user documentation in next product version.

Acknowledgments

Festo SE & Co. KG thanks the following parties for their efforts:

Revision History

Version  Date              Summary
1.0.0    09/05/2023 12:00  Initial revision.
1.0.1    10/01/2025 12:00  Adjusted to VDE template. Changed title from "MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions" to "Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions".