{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T14:57:14.494","vulnerabilities":[{"cve":{"id":"CVE-2014-0769","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2014-04-25T05:12:07.753","lastModified":"2026-06-17T00:03:36.527","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001."},{"lang":"es","value":"Festo CECX-X-C1 Modular Master Controller con CoDeSys y CECX-X-M1 Modular Controller con CoDeSys y SoftMotion no requieren autenticación para conexiones a puertos TCP, lo que permite a atacantes remotos (1) modificar la configuración a través de una solicitud hacia el servicio de depuración en puerto 4000 o (2) eliminar entradas de registro a través de una solicitud hacia el servicio de registro de puerto 4001."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Festo","product":"CECX-X-C1 Modular Master Controller with CoDeSys","defaultStatus":"unaffected","versions":[{"version":"all","status":"affected"}]},{"vendor":"Festo","product":"CECX-X-M1 Modular Controller with CoDeSys and SoftMotion","defaultStatus":"unaffected","versions":[{"version":"all","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:softmotion3d:softmotion:-:*:*:*:*:*:*:*","matchCriteriaId":"B1A68669-AFEA-4D4A-A8B8-3D95137AEDAB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:festo:cecx-x-m1_modular_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"FA6BC4C2-B93A-42A3-85A4-7161C769EE04"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:3s-software:codesys_runtime_system:-:*:*:*:*:*:*:*","matchCriteriaId":"846BA4EA-FA65-46B9-90B3-662E51F06B74"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:festo:cecx-x-c1_modular_master_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"D4428AC4-B79E-4DDC-8CB1-6F91F835945B"}]}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01","source":"ics-cert@hq.dhs.gov"},{"url":"http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]}]}}]}