Article No. | Product Name | Affected Version(s) |
---|---|---|
3473128 | Control block CPX-CEC-C1-V3 (HW <= 8) | <= 4.0.4 |
3472765 | Control block CPX-CEC-M1-V3 (HW <= 8) | <= 4.0.4 |
3472425 | Control block CPX-CEC-S1-V3 (HW <= 8) | <= 4.0.4 |
4252742 | Control block CPX-E-CEC-C1-EP (HW < 8) | 2.2.14 |
4252742 | Control block CPX-E-CEC-C1-EP (HW >= 8) | 3.2.10 |
5226780 | Control block CPX-E-CEC-C1 (HW <= 5) | <= 10.1.4 |
4252741 | Control block CPX-E-CEC-C1-PN (HW < 8) | 2.2.14 |
4252741 | Control block CPX-E-CEC-C1-PN (HW >= 8) | 3.2.10 |
4252744 | Control block CPX-E-CEC-M1-EP (HW < 8) | 2.2.14 |
4252744 | Control block CPX-E-CEC-M1-EP (HW >= 8) | 3.2.10 |
5266781 | Control block CPX-E-CEC-M1 (HW <= 5) | <= 10.1.4 |
4252743 | Control block CPX-E-CEC-M1-PN (HW < 8) | 2.2.14 |
4252743 | Control block CPX-E-CEC-M1-PN (HW >= 8) | 3.2.10 |
8072995 | Controller CECC-D-BA (HW <=7) | <= 2.4.2 |
2463301 | Controller CECC-D-CS (HW <=7) | <= 2.4.2 |
574415 | Controller CECC-D (HW <= 7) | <= 2.4.2 |
574418 | Controller CECC-LK (HW <= 7) | <= 2.4.2 |
574416 | Controller CECC-S (HW <= 7) | <= 2.4.2 |
4407603 | Controller CECC-X-M1 (Gen3) | <= 3.8.18 |
8124922 | Controller CECC-X-M1 (Gen4) | <= 4.0.18 |
4407605 | Controller CECC-X-M1-MV (Gen3) | <= 3.8.18 |
8124923 | Controller CECC-X-M1-MV (Gen4) | <= 4.0.18 |
4407606 | Controller CECC-X-M1-MV-S1 (Gen3) | <= 3.8.18 |
8124924 | Controller CECC-X-M1-MV-S1 (Gen4) | <= 4.0.18 |
574412 | Operator unit CDPX-X-A-S-10 | <= 3.5.7.159 |
574413 | Operator unit CDPX-X-A-W-13 | <= 3.5.7.159 |
574410 | Operator unit CDPX-X-A-W-4 | <= 3.5.7.159 |
574411 | Operator unit CDPX-X-A-W-7 | <= 3.5.7.159 |
8155217 | Operator unit CDPX-X-E1-W-10 | <= 3.5.7.159 |
8155218 | Operator unit CDPX-X-E1-W-15 | <= 3.5.7.159 |
8155216 | Operator unit CDPX-X-E1-W-7 | <= 3.5.7.159 |
Several high-severity vulnerabilities in CODESYS V3 affecting Festo products could lead to remote code execution or denial of service.
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated, remote attacker may use an out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use an improper input validation vulnerability to read from invalid addresses leading to a denial of service.
An authenticated, remote attacker may use an improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.
An authenticated, remote attacker may use an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.
Multiple CODESYS products in multiple versions are prone to an improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.
Please check the references in the CVEs.
Mitigation
As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits:
Festo strongly recommends minimizing and protecting network access to connected devices with state-of-the-art techniques and processes.
For secure operation, follow the recommendations in the product manuals.
Remediation
For all vulnerability identifiers except CECC-D, CECC-D-CS, CECC-D-BA, CECC-S, CECC-X Gen3 and CECC-LK: Update planned end of Q3 2024.
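To find which installed devices fall under the table of affected products, the following added example (not part of the Festo advisory) parses a subset of the table's rows and checks an article number, hardware revision and firmware version against them. It assumes a bare version in the table means an exact match and treats an unknown hardware revision as potentially affected; the function names and the inventory entries are constructed for illustration.

```python
import operator
import re

# Rows copied from the advisory's table (a subset, to keep the example short).
ADVISORY_ROWS = """\
3473128 | Control block CPX-CEC-C1-V3 (HW <= 8) | <= 4.0.4 |
4252742 | Control block CPX-E-CEC-C1-EP (HW < 8) | 2.2.14 |
4252742 | Control block CPX-E-CEC-C1-EP (HW >= 8) | 3.2.10 |
574415 | Controller CECC-D (HW <= 7) | <= 2.4.2 |
8124922 | Controller CECC-X-M1 (Gen4) | <= 4.0.18 |
574412 | Operator unit CDPX-X-A-S-10 | <= 3.5.7.159 |
"""
OPS = {"<": operator.lt, "<=": operator.le, ">=": operator.ge, "==": operator.eq}
HW_RE = re.compile(r"\(HW\s*(<=|>=|<)\s*(\d+)\)")
VER_RE = re.compile(r"(<=)?\s*([\d.]+)")

def ver(text):
    """'3.5.7.159' -> (3, 5, 7, 159), so 4.0.10 sorts after 4.0.4."""
    return tuple(int(p) for p in text.split("."))

def parse_rows(table):
    rules = []
    for line in table.splitlines():
        article, name, affected = [c.strip() for c in line.split("|")[:3]]
        hw = HW_RE.search(name)
        op, version = VER_RE.fullmatch(affected).groups()
        rules.append({
            "article": article,
            "hw": (hw.group(1), int(hw.group(2))) if hw else None,
            # Assumption: a bare version in the table is an exact match.
            "fw": (op or "==", ver(version)),
        })
    return rules

def is_affected(rules, article, hw_rev, firmware):
    """True if any advisory row for this article matches HW revision and firmware."""
    for r in rules:
        if r["article"] != article:
            continue
        # Unknown HW revision (None) is not used to rule a device out.
        if r["hw"] and hw_rev is not None and not OPS[r["hw"][0]](hw_rev, r["hw"][1]):
            continue
        if OPS[r["fw"][0]](ver(firmware), r["fw"][1]):
            return True
    return False

if __name__ == "__main__":
    # Constructed inventory entries: (article no., HW revision, firmware).
    inventory = [("3473128", 8, "4.0.4"), ("4252742", None, "3.2.10"), ("574415", 9, "2.4.2")]
    for item in inventory:
        print(item, "AFFECTED" if is_affected(parse_rows(ADVISORY_ROWS), *item) else "not listed")
```
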
CERT@VDE coordinated with Festo