VDE-2022-041 | CERT@VDE

2022-11-29 12:49 (CET) VDE-2022-041

Festo: Incomplete documentation of remote accessible functions and protocols in Festo products (Update A)

Share: Email | Twitter

ID

VDE-2022-041

Published

2022-11-29 12:49 (CET)

Last update

2022-12-13 09:50 (CET)

Vendor(s)

Festo SE & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
4080499	Bus module CPX-E-EP	= All Versions
4080497	Bus module CPX-E-PN	= All Versions
541302	Bus node CPX-FB32	= All Versions
548755	Bus node CPX-FB33	= All Versions
1912451	Bus node CPX-FB36	= All Versions
2735960	Bus node CPX-FB37	= All Versions
2093101	Bus node CPX-FB39	= All Versions
2474896	Bus node CPX-FB40	= All Versions
8110369	Bus node CPX-FB43	= All Versions
548751	Bus node CPX-M-FB34	= All Versions
548749	Bus node CPX-M-FB35	= All Versions
8110370	Bus node CPX-M-FB44	= All Versions
8110371	Bus node CPX-M-FB45	= All Versions
2798071	Bus node CTEU-EP	= All Versions
2201471	Bus node CTEU-PN	= All Versions
8107589	Bus node CTEU-PN-EX1C	= All Versions
3501040	Camera system CHB-C-N	= All Versions
	Compact Vision System SBO-C-	= All Versions
	Compact Vision System SBO-M-	= All Versions
	Compact Vision System SBO-Q-	= All Versions
	Control block CPX-CEC	= All Versions
	Control block CPX-CEC-C1	= All Versions
	Control block CPX-CEC-C1-V3	= All Versions
	Control block CPX-CEC-M1	= All Versions
	Control block CPX-CEC-M1-V3	= All Versions
	Control block CPX-CEC-S1-V3	= All Versions
555668	Control block CPX-CMXX	= All Versions
555667	Control block CPX-CMXX	= All Versions
529041	Control block CPX-FEC-1-IE	= All Versions
	Controller CECC-D	= All Versions
	Controller CECC-D-BA	= All Versions
	Controller CECC-LK	= All Versions
	Controller CECC-S	= All Versions
	Controller CECC-X-*	= All Versions
553852	Controller CECX-X-C1	= All Versions
553853	Controller CECX-X-M1	= All Versions
3605478	Controller CMXH-ST2-C5-7-DIOP	= All Versions
	Controller CPX-E-CEC-*	= All Versions
8067301	Controller SBRD-Q	= All Versions
8086610	EtherNet/IP interface CPX-AP-I-EP-M12	= All Versions
8086607	EtherNet/IP interface CPX-AP-I-PN-M12	= All Versions
8069773	Gateway CPX-IOT	= All Versions
	Integrated drive EMCA-EC-67-*	= All Versions
	Motor controller CMMO-ST-C5-1-DION	= All Versions
	Motor controller CMMO-ST-C5-1-DIOP	= All Versions
	Motor controller CMMO-ST-C5-1-LKP	= All Versions
	Motor controller CMMP-AS-*	= All Versions
	Motor controller CMMT-AS-*	= All Versions
	Operator unit CDPX-X-A-S-10	= All Versions
	Operator unit CDPX-X-A-W-13	= All Versions
	Operator unit CDPX-X-A-W-4	= All Versions
	Operator unit CDPX-X-A-W-7	= All Versions
	Planar surface gantry EXCM-*	= All Versions
8084006	Servo drive CMMT-ST-C8-1C-EP-S0	= All Versions
8084004	Servo drive CMMT-ST-C8-1C-PN-S0	= All Versions
8047502	VTEM-S1-*	= All Versions

Summary

Incomplete Festo product documentation of remote accessible functions and their required IP ports. Depending on the product a description of the supported features can be found in the product documentation to some extent.

Update A, 2022-12-13

Added affected device "Bus module CPX-E-PN, 4080497"

CVE ID

CVE-2022-3270

Last Update:

Nov. 29, 2022, 12:47 p.m.

Severity

9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Weakness

Incomplete Documentation (CWE-1059)

Summary

In multiple products by Festo a remote unauthenticated attacker could use functions of undocumented protocols which could lead to a complete loss of confidentiality, integrity and availability.

Details

nvd.nist.gov

Impact

Please consult the CVE details above.

Solution

Mitigation

Update of technical user manual documentation in next product version.

Additionally, please refer to the following Recommendations

Users running communication over an untrusted network who require full protection should switch to an alternative solution such as running the communication over a VPN.

Festo strongly recommends to minimize and protect network access to connected devices with state of the art techniques and processes. For a secure operation follow the recommendations in the product manuals and note the protocols and their supported features in Festo Field Device Tool or Festo Automation Suite online help.

As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits: - Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside

- Use firewalls to protect and separate the control system network from other networks

- Use VPN (Virtual Private Networks) tunnels if remote access is required

- Activate and apply user management and password features

- Use encrypted communication links

- Limit the access to both development and control system by physical means, operating system features, etc.

- Protect both development and control system by using up to date virus detecting solutions

Reported by

CERT@VDE coordinated with Festo SE & Co. KG.
Daniel dos Santos, Rob Hulsebos from Forescout for reporting to Festo SE & Co. KG.