|Article No°||Product Name||Affected Version(s)|
|8085453||MSE6-D2M-5000-CBUS-S-RG-BAR- VCB-AGD||all versions|
Incomplete user documentation of undocumented, authenticated test mode and further remote accessible functions. The supported features may be covered only partly by the corresponding user documentation.
Festo developed the products according to the respective state of the art. As a result, the protocols used no longer fully meet today's security requirements. The products are designed and developed for use in sealed-off (industrial) networks. If the network is not adequately sealed off, unauthorized access to the product can cause damage or malfunctions, particularly Denial of Service (DoS) or loss of integrity.
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability.
In products of the MSE6 product-family by Festo a remote authenticated attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability.
Update of user documentation in next product version.
Users running communication over an untrusted network who require full protection should switch to an alternative solution such as running the communication over a VPN.
Festo strongly recommends to minimize and protect network access to connected devices with state of the art techniques and processes.
As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits:
CERT@VDE coordinated with Festo