This report highlights a significant vulnerability in Festo control devices allowing remote, unauthenticated access that could lead to a denial of service. Mitigations include limiting network access and updating affected products to newer versions.
Key points
- The vulnerability affects Festo firmware versions on CPX-CEC-C1 and CPX-CMXX control blocks.
- An attacker can exploit it remotely with low attack complexity to cause system denial of service.
- No fix is currently planned, but users are advised to limit web server access and upgrade to newer product versions.
- The vulnerability has been assigned CVE-2022-3079 with a CVSS score of 7.5.
- The issue impacts critical manufacturing infrastructure worldwide, emphasizing the need for enhanced network security measures.
Read More: https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-03