Skip to main content

Bus Module Cpx E Ep Firmware CVE-2022-3270

CRITICAL
Insufficient Technical Documentation (CWE-1059)
2022-12-01 info@cert.vde.com
Information Disclosure Bus Module Cpx E Ep Firmware Bus Node Cpx Fb32 Firmware Bus Node Cpx Fb33 Firmware Bus Node Cpx Fb36 Firmware Bus Node Cpx Fb37 Firmware Bus Node Cpx Fb39 Firmware Bus Node Cpx Fb40 Firmware Bus Node Cpx Fb43 Firmware Bus Node Cpx M Fb34 Firmware Bus Node Cpx M Fb35 Firmware Bus Node Cpx M Fb44 Firmware Bus Node Cpx M Fb45 Firmware Bus Node Cteu Ep Firmware Bus Node Cteu Pn Firmware Bus Node Cteu Pn Ex1C Firmware Camera System Chb C N Firmware Cecx X C1 Modular Master Controller Firmware Cecx X M1 Modular Controller Firmware Compact Vision System Sboc C Firmware Compact Vision System Sboc M Firmware Compact Vision System Sboc Q Firmware Compact Vision System Sboi C Firmware Compact Vision System Sboi M Firmware Compact Vision System Sboi Q Firmware Control Block Cpx Cec Firmware Control Block Cpx Cec C1 Firmware Control Block Cpx Cec C1 V3 Firmware Control Block Cpx Cec M1 Firmware Control Block Cpx Cec M1 V3 Firmware Control Block Cpx Cec S1 V3 Firmware Control Block Cpx Cmxx Firmware Control Block Cpx Fec 1 Ie Firmware Controller Cecc D Firmware Controller Cecc D Ba Firmware Controller Cecc Lk Firmware Controller Cecc S Firmware Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Y Yjkp Firmware Controller Cecc X M1 Ys L1 Firmware Controller Cecc X M1 Ys L2 Firmware Controller Cmxh St2 C5 7 Diop Firmware Controller Sbrd Q Firmware Ethernet Ip Interface Cpx Ap I Ep M12 Firmware Ethernet Ip Interface Cpx Ap I Pn M12 Firmware Gateway Cpx Iot Firmware Integrated Drive Emca Ec 67 Firmware Integrated Drive Emca Ec 67 M 1Te Ep Firmware Motor Controller Cmmo St C5 1 Dion Firmware Motor Controller Cmmo St C5 1 Diop Firmware Motor Controller Cmmo St C5 1 Lkp Firmware Motor Controller Cmmp As C10 11A P3 M0 Firmware Motor Controller Cmmp As C10 11A P3 M3 Firmware Motor Controller Cmmp As C15 11A P3 M3 Firmware Motor Controller Cmmp As C2 3A M0 Firmware Motor Controller Cmmp As C2 3A M3 Firmware Motor Controller Cmmp As C5 11A P3 M0 Firmware Motor Controller Cmmp As C5 11A P3 M3 Firmware Motor Controller Cmmp As C5 3A M0 Firmware Motor Controller Cmmp As C5 3A M3 Firmware Operator Unit Cdpx X A S 10 Firmware Operator Unit Cdpx X A W 13 Firmware Operator Unit Cdpx X A W 4 Firmware Operator Unit Cdpx X A W 7 Firmware Planar Surface Gantry Excm 30 Firmware Planar Surface Gantry Excm 40 Firmware Servo Cmmt As C12 11A P3 Ec S1 Firmware Servo Cmmt As C12 11A P3 Ep S1 Firmware Servo Cmmt As C12 11A P3 Mp S1 Firmware Servo Cmmt As C12 11A P3 Pn S1 Firmware Servo Cmmt As C2 11A P3 Ec S1 Firmware Servo Cmmt As C2 11A P3 Ep S1 Firmware Servo Cmmt As C2 11A P3 Mp S1 Firmware Servo Cmmt As C2 11A P3 Pn S1 Firmware Servo Cmmt As C2 3A Ec S1 Firmware Servo Cmmt As C2 3A Ep S1 Firmware Servo Cmmt As C2 3A Mp S1 Firmware Servo Cmmt As C2 3A Pn S1 Firmware Servo Cmmt As C3 11A P3 Ec S1 Firmware Servo Cmmt As C3 11A P3 Ep S1 Firmware Servo Cmmt As C3 11A P3 Mp S1 Firmware Servo Cmmt As C3 11A P3 Pn S1 Firmware Servo Cmmt As C4 3A Ec S1 Firmware Servo Cmmt As C4 3A Ep S1 Firmware Servo Cmmt As C4 3A Mp S1 Firmware Servo Cmmt As C4 3A Pn S1 Firmware Servo Cmmt As C5 11A P3 Ec S1 Firmware Servo Cmmt As C5 11A P3 Ep S1 Firmware Servo Cmmt As C5 11A P3 Mp S1 Firmware Servo Cmmt As C5 11A P3 Pn S1 Firmware Servo Cmmt As C7 11A P3 Ec S1 Firmware Servo Cmmt As C7 11A P3 Ep S1 Firmware Servo Cmmt As C7 11A P3 Mp S1 Firmware Servo Cmmt As C7 11A P3 Pn S1 Firmware Servo Drive Cmmt St C8 1C Ep S0 Firmware Servo Drive Cmmt St C8 1C Pn S0 Firmware Vtem S1 27 Firmware Vtem S1 C Firmware
9.8
CVSS 3.1 · Vendor: cert
Share

Severity by source

Vendor (cert) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (cert) · only source for this CVE.

CVSS VectorVendor: cert

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 01, 2022 - 11:15 cve.org
CRITICAL 9.8

DescriptionCVE.org

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.

AnalysisAI

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-1059. In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. Affected products include: Festo Bus Module Cpx-E-Ep Firmware, Festo Bus Node Cpx-Fb32 Firmware, Festo Bus Node Cpx-Fb33 Firmware, Festo Bus Node Cpx-Fb36 Firmware, Festo Bus Node Cpx-Fb37 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2022-3270 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy