CVE-2014-0760

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Credits

K. Reid Wightman of IOActive, Inc. has identified vulnerabilities in Festo’s CECX-X-C1 and CECX-X-M1 controllers.

References