| Article No. | Product Name | Affected Version(s) |
|---|---|---|
| 567347 | Control block CPX-CEC-C1 | <= 2.0.12 |
| 555667 | Control block CPX-CMXX | <= 1.2.34 rev.404 |
| 555668 | Control block CPX-CMXX | <= 1.2.34 rev.404 |
| 568714 | Control block-SET CPX-CEC-C1 | <= 2.0.12 |
UPDATE A (19.10.2022): Added Control block-SET CPX-CEC-C1 and Control block-SET CPX-CMXX to affected products.
Unauthenticated access to critical webpage functions (e.g. reboot) may cause a denial of service of the device.
Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service.
CPX-CEC-C1 and CPX-CMXX allow unauthenticated access to critical webpage functions (e.g. reboot), which may cause a denial of service of the device.
Currently no fix is planned.
Replace CPX-CEC-C1 with the follow-up product CPX-CEC-C1-V3.
Replace CPX-CMXX with the follow-up product CPX-CEC-M1-V3.
As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits:
Festo strongly recommends minimizing and protecting network access to connected devices with state-of-the-art techniques and processes.
For secure operation, follow the recommendations in the product manuals.
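A way to check an asset inventory against the affected-products table and the replacement advice above, as an added example that is not part of the Festo advisory. It matches on article number rather than product name, because the successor name CPX-CEC-C1-V3 contains the affected name CPX-CEC-C1; the inventory rows, the `PLACEHOLDER-V3` article number, and the rule that a missing revision counts as rev.0 are assumptions.

```python
import re

# Article number -> (product name, highest affected version), from the advisory table.
AFFECTED = {
    "567347": ("Control block CPX-CEC-C1", "2.0.12"),
    "555667": ("Control block CPX-CMXX", "1.2.34 rev.404"),
    "555668": ("Control block CPX-CMXX", "1.2.34 rev.404"),
    "568714": ("Control block-SET CPX-CEC-C1", "2.0.12"),
}

# Dotted version, optionally followed by a revision such as "rev.404".
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)(?:\s+rev\.?\s*(\d+))?\s*$", re.I)

def parse_version(text):
    """'1.2.34 rev.404' -> ((1, 2, 34), 404). Assumption: no revision means rev 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def is_affected(article_no, version):
    """True if the article number is listed and the version is <= the listed bound.
    Versions that cannot be parsed count as affected so they get a manual check."""
    entry = AFFECTED.get(article_no.strip())
    if entry is None:
        return False  # not in the table, e.g. a -V3 follow-up product
    try:
        return parse_version(version) <= parse_version(entry[1])
    except ValueError:
        return True

def audit(inventory):
    """Return the inventory rows that fall under the advisory."""
    return [d for d in inventory if is_affected(d["article_no"], d["version"])]

# Constructed sample inventory; hosts and versions are illustrative only.
INVENTORY = [
    {"host": "plc-01", "article_no": "567347", "version": "2.0.12"},
    {"host": "plc-02", "article_no": "555667", "version": "1.2.34 rev.405"},
    {"host": "plc-03", "article_no": "PLACEHOLDER-V3", "version": "1.0.0"},
    {"host": "plc-04", "article_no": "555668", "version": "unknown"},
]

if __name__ == "__main__":
    for d in audit(INVENTORY):
        print(f"{d['host']}: {AFFECTED[d['article_no']][0]} {d['version']} is affected")
```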
Festo SE & Co. KG thanks the following parties for their efforts: