Summary
Incomplete user documentation of an undocumented, authenticated test mode and further remotely accessible functions.
The supported features may be covered only partly by the corresponding user documentation.
Festo developed the products according to the respective state of the art. As a result, the protocols used no longer fully meet today's security requirements.
The products are designed and developed for use in sealed-off (industrial) networks.
If the network is not adequately sealed off, unauthorized access to the product can cause damage or malfunctions, particularly Denial of Service (DoS) or loss of integrity.
Impact
In products of the Festo MSE6 product family, a remote authenticated attacker could use functions of an undocumented test mode, which could lead to a complete loss of confidentiality, integrity and availability.
Affected Product(s)
Model no. | Product name | Affected versions |
---|---|---|
8169406 | MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L4-AGD | vers:all/* |
8157913 | MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L5-AGD | vers:all/* |
8169407 | MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L4-MQ1-AGD | vers:all/* |
8157912 | MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L5-MQ1-AGD | vers:all/* |
8157908 | MSE6-C2M-5000-FB44-D-M-RG-BAR-AMI-AGD | vers:all/* |
8157909 | MSE6-C2M-5000-FB44-D-RG-BAR-AMI-AGD | vers:all/* |
8085453 | MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD | vers:all/* |
2465321 | MSE6-E2M-5000-FB13-AGD | vers:all/* |
3990296 | MSE6-E2M-5000-FB36-AGD | vers:all/* |
3992150 | MSE6-E2M-5000-FB37-AGD | vers:all/* |
8157910 | MSE6-E2M-5000-FB43-AGD | vers:all/* |
8157911 | MSE6-E2M-5000-FB44-AGD | vers:all/* |
Vulnerabilities
In products of the Festo MSE6 product family, a remote authenticated, low-privileged attacker could use functions of an undocumented test mode, which could lead to a complete loss of confidentiality, integrity and availability.
Remediation
Update of user documentation in next product version.
Acknowledgments
Festo SE & Co. KG thanks the following parties for their efforts:
- CERT@VDE for coordination and support with this publication (see https://certvde.com)
Revision History
Version | Date | Summary |
---|---|---|
1.0.0 | 09/05/2023 12:00 | Initial revision. |
1.0.1 | 10/01/2025 12:00 | Adjusted to VDE template. Changed title from "MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions" to "Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions". |