FESTO Hardware Controller, Hardware Servo Press Kit
Act Now | CVSS 9.8 | ICS-CERT ICSA-25-182-04 | Jul 6, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The Festo CECC-X-M1 series controllers and YJKP Servo Press Kit are vulnerable to preauthentication command injection (CWE-78). An attacker can send malicious input to the controller's network interface, which is executed without proper validation or sanitization. This allows remote code execution on the device controlling automated press operations.
What this means
What could happen
An attacker can run arbitrary commands on the Festo controller without authentication, potentially altering press parameters, stopping production, or causing equipment damage. This affects automated manufacturing processes that depend on these servo press controllers.
Who's at risk
Manufacturers operating Festo servo press systems and hydraulic/electric press automation equipment, particularly in automotive, plastics, and light assembly industries. Any facility using CECC-X-M1 series motion controllers or YJKP servo press kits in production lines is affected.
How it could be exploited
An attacker sends a specially crafted command to the controller's network interface (default port 502 or web interface). The controller does not validate or sanitize the input before passing it to the underlying system, allowing command injection. No credentials or prior access are required.
Prerequisites
- Network reachability to the Festo CECC-X-M1 controller on the communication port (typically port 502 for Modbus or web port)
- No authentication required
Tags: remotely exploitable, no authentication required, low complexity, affects production equipment, high CVSS (9.8)
Exploitability
Moderate exploit probability (EPSS 1.6%)
Affected products (11)
11 with fix
Product | Affected Versions | Fix Status
Controller CECC-X-M1 | 4.0.14 | 4.0.18
Controller CECC-X-M1 | ≤ 3.8.14 | 4.0.18
Controller CECC-X-M1-MV | ≤ 3.8.14 | 3.8.18
Controller CECC-X-M1-MV | 4.0.14 | 3.8.18
Controller CECC-X-M1-MV-S1 | 4.0.14 | 4.0.18
Controller CECC-X-M1-MV-S1 | ≤ 3.8.14 | 4.0.18
Controller CECC-X-M1-YS-L1 | ≤ 3.8.14 | 3.8.18
Controller CECC-X-M1-YS-L2 | ≤ 3.8.14 | 3.8.18
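Checking an asset inventory against the affected-versions table above, as an added example that is not part of the advisory or any Festo tooling. The rows are copied as this page lists them; the `host,model,firmware` inventory format, the hostnames and the status labels are assumptions, and the Servo Press Kit YJKP is left out because the table gives no affected version for it.

```python
# Rows copied from the "Affected products" table: (model, comparison, affected, fix).
ROWS = [
    ("CECC-X-M1",       "==", "4.0.14", "4.0.18"),
    ("CECC-X-M1",       "<=", "3.8.14", "4.0.18"),
    ("CECC-X-M1-MV",    "<=", "3.8.14", "3.8.18"),
    ("CECC-X-M1-MV",    "==", "4.0.14", "3.8.18"),
    ("CECC-X-M1-MV-S1", "==", "4.0.14", "4.0.18"),
    ("CECC-X-M1-MV-S1", "<=", "3.8.14", "4.0.18"),
    ("CECC-X-M1-YS-L1", "<=", "3.8.14", "3.8.18"),
    ("CECC-X-M1-YS-L2", "<=", "3.8.14", "3.8.18"),
]

def parse_version(text):
    """Turn '3.8.14' into (3, 8, 14) so versions compare numerically, not as strings."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(model, firmware):
    """Return (status, fix): 'affected' plus the row's fix, 'not-listed', or 'check-manually'."""
    try:
        version = parse_version(firmware)
    except ValueError:
        # An unreadable version must not be silently treated as safe.
        return "check-manually", None
    for row_model, op, affected, fix in ROWS:
        bound = parse_version(affected)
        hit = version == bound if op == "==" else version <= bound
        if row_model == model.strip().upper() and hit:
            return "affected", fix
    return "not-listed", None

def triage_inventory(csv_text):
    """Triage 'host,model,firmware' lines into (host, status, fix) tuples."""
    rows = (line.split(",") for line in csv_text.strip().splitlines())
    return [(h.strip(), *triage(m, f)) for h, m, f in rows]

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE = """
press-line1,CECC-X-M1,3.8.9
press-line2,CECC-X-M1-MV,4.0.14
press-line3,CECC-X-M1-YS-L1,3.8.18
press-line4,CECC-X-M1-MV-S1,unknown
"""

if __name__ == "__main__":
    print(*triage_inventory(SAMPLE), sep="\n")
```

A "not-listed" result only means the version matches no row on this page; versions between the listed affected and fixed releases should be confirmed against the vendor advisory.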
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Festo controllers by implementing firewall rules to allow only authorized engineering workstations and SCADA systems to communicate with the controllers
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Servo Press Kit YJKP
HOTFIX: Update Servo Press Kit YJKP (partner numbers 8077950, 8058596) to firmware version 3.8.18
All products
HOTFIX: Update all CECC-X-M1 series controllers (partner numbers 4407603, 8124922, 4407605, 8124923, 4407606, 8124924, 4803891, 8082793, 8082794) to firmware version 3.8.18 or 4.0.18 depending on current major version
Long-term hardening
HARDENING: Segment Festo controllers to a separate OT network with limited connectivity to corporate IT and external networks