Festo CECX-X-(C1/M1) Controller Vulnerabilities

Low RiskICS-CERT ICSA-14-084-01Dec 26, 2014

Summary

Festo CECX-X-C1 Modular Master Controller and CECX-X-M1 Modular Controller running CoDeSys contain authentication and access control weaknesses (CWE-287, CWE-284). These vulnerabilities allow unauthorized access and potential manipulation of controller operations. All versions are affected.

What this means

What could happen

An attacker with network access to the controller could bypass authentication and gain control over the device, potentially altering process logic, setpoints, or stopping operations in motion control and automation systems.

Who's at risk

Manufacturers and operators of Festo modular motion control systems, particularly those using CECX-X-C1 and CECX-X-M1 controllers for automated assembly lines, packaging, robotics, or process automation. Any facility relying on these controllers for critical motion sequences is at risk.

How it could be exploited

An attacker sends specially crafted requests to the CoDeSys runtime on the controller without providing valid credentials or by exploiting weak access controls. Once authenticated, the attacker can upload modified logic, alter parameters, or halt execution.

Prerequisites

Network access to the CoDeSys controller port (typically port 2404 or 11740 for IEC 61131-3 runtime)
No valid credentials required due to authentication weakness

remotely exploitableno authentication requiredno patch availableaffects automation/motion control systems

Exploitability

Moderate exploit probability (EPSS 4.4%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

CECX-X-M1 Modular Controller with CoDeSys and SoftMotion: vers:all/*All versionsNo fix (EOL)

CECX-X-C1 Modular Master Controller with CoDeSys: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDRestrict network access to the CoDeSys runtime ports (2404, 11740) using firewall rules; allow only authorized engineering workstations and SCADA systems

WORKAROUNDDisable remote access to the CoDeSys engineering interface if not operationally required

Mitigations - no patch available

0/3

The following products have reached End of Life with no planned fix: CECX-X-M1 Modular Controller with CoDeSys and SoftMotion: vers:all/*, CECX-X-C1 Modular Master Controller with CoDeSys: vers:all/*. Apply the following compensating controls:

HARDENINGImplement network segmentation to isolate CECX controllers on a separate control network with no direct internet or untrusted network access

HARDENINGMonitor for unauthorized connection attempts to the controller; alert on unexpected changes to controller logic or parameters

HARDENINGEvaluate replacement or upgrade to newer Festo controller models with patched CoDeSys versions if available

CVEs (4)

CVE-2014-0760 CVE-2014-0769 CVE-2012-6068 CVE-2012-6069

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/75bce6bf-92e3-45bb-9118-5979dea608aa