Festo CPX-CEC-C1 and CPX-CMXX
Monitor | 7.5 | ICS-CERT ICSA-25-273-03 | Sep 20, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Unauthenticated access to critical webpage functions on Festo CPX-CEC-C1 and CPX-CMXX control blocks allows an attacker to trigger a device reboot without authentication, causing denial of service. The vulnerability affects CPX-CEC-C1 versions up to 2.0.12, CPX-CMXX up to 1.2.34_rev.404, and CPX-CEC-C1 control block SET up to 1.2.34_rev.404. Festo has not released patches for these products and recommends network isolation, firewall protection, VPN for remote access, and activation of user management and password features as compensating controls.
What this means
What could happen
An attacker on your network can reboot the CPX controller without authentication, causing the device to go offline and interrupting production processes controlled by that unit.
Who's at risk
Organizations operating Festo CPX control blocks (CPX-CEC-C1 and CPX-CMXX) in manufacturing, water treatment, or process automation facilities should be concerned. These are programmable logic controllers used to manage automated processes; loss of communications or unexpected reboot can halt production.
How it could be exploited
An attacker sends an unauthenticated HTTP request to the controller's web interface (port 80 or 443) targeting the reboot function. The device accepts the request and restarts, causing loss of communications and halting any active control logic until it comes back online.
Prerequisites
- Network access to the CPX controller's HTTP/HTTPS port (80/443)
- No credentials required
Tags: remotely exploitable, no authentication required, low complexity, no patch available, affects control system availability
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (3)
3 EOL
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Control block CPX-CEC-C1 | ≤ 2.0.12 | No fix (EOL) |
| Control block CPX-CMXX | ≤ 1.2.34 rev.404 | No fix (EOL) |
| Control block-SET CPX-CEC-C1 | ≤ 1.2.34 rev.404 | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the CPX controller using firewall rules—only allow HTTP/HTTPS traffic from authorized engineering workstations and automation systems
- HARDENING: If remote access is required, deploy a VPN tunnel and require authentication before allowing traffic to reach the controller
- HARDENING: Enable and configure user management and password authentication features on the CPX controller per the product manual
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Use encrypted communication links (HTTPS) for all access to the controller's web interface
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Control block CPX-CEC-C1, Control block CPX-CMXX, Control block-SET CPX-CEC-C1. Apply the following compensating controls:
- HARDENING: Implement network segmentation to isolate the control system network from corporate IT and external networks
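One way to verify that the firewall restriction recommended above is holding, as an added example that is not part of the advisory or Festo's documentation: a Python script that audits firewall flow logs for traffic to the controller's web ports from sources outside the authorized set. The controller address, engineering subnet, and log format are assumptions, and the sample log is constructed.

```python
import ipaddress

# Assumed site values (hypothetical): controller address and engineering subnet.
CONTROLLERS = {ipaddress.ip_address("10.20.0.15")}
AUTHORIZED = [ipaddress.ip_network("10.20.1.0/28")]
WEB_PORTS = {80, 443}  # web interface ports named in the advisory

# Constructed firewall flow log: timestamp src dst dport proto action
SAMPLE_LOG = """\
2025-10-01T08:00:01Z 10.20.1.5 10.20.0.15 443 tcp ACCEPT
2025-10-01T08:03:10Z 10.30.7.44 10.20.0.15 80 tcp ACCEPT
2025-10-01T08:03:12Z 192.0.2.77 10.20.0.15 443 tcp DROP
2025-10-01T08:04:00Z 10.30.7.44 10.20.0.15 502 tcp ACCEPT
2025-10-01T08:05:30Z 10.20.1.9 10.20.0.15 80 tcp ACCEPT
truncated line
"""

def parse(line):
    """Return (ts, src, dst, dport, action), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, dport, _proto, action = parts
    try:
        return (ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), action.upper())
    except ValueError:
        return None

def audit(log_text):
    """Sort unauthorized web-interface flows into exposed (allowed) and blocked."""
    findings = {"exposed": [], "blocked": []}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip lines that do not match the assumed format
        ts, src, dst, dport, action = rec
        if dst not in CONTROLLERS or dport not in WEB_PORTS:
            continue  # only the controller's HTTP/HTTPS interface is in scope
        if any(src in net for net in AUTHORIZED):
            continue  # engineering workstations are expected traffic
        key = "exposed" if action == "ACCEPT" else "blocked"
        findings[key].append((ts, str(src), dport))
    return findings

if __name__ == "__main__":
    for kind, rows in audit(SAMPLE_LOG).items():
        for ts, src, dport in rows:
            print(f"{kind}: {src} -> controller:{dport} at {ts}")
```

An "exposed" finding means the firewall accepted web traffic from an unauthorized source and the rule set has a gap; a "blocked" finding means the rule worked but the source is worth investigating.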
CVEs (1)