- What is the severity of CVE-2014-0760?
- CVE-2014-0760 has been scored as a critical severity vulnerability.
- How to fix CVE-2014-0760?
- As a workaround for remediating CVE-2014-0760: Festo has decided not to resolve these vulnerabilities, placing critical infrastructure asset owners using this product at risk. This advisory is being published to alert critical infrastructure asset owners of the risk of using this equipment, and to increase compensating security measures if possible. Some of these compensating measures can be: * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet. * Locate control system networks and remote devices behind firewalls, and isolate them from the business network. * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices. * Investigate the practicality of configuring and deploying an intrusion detection system (IDS) to log and monitor the control system network, as well as adjacent networks. * Configure, activate, and test existing defenses, such as port security and traffic logging, among other defensive strategies in the recommended practices document listed below.
- Is CVE-2014-0760 being actively exploited in the wild?
- It is possible that CVE-2014-0760 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
- What software or system is affected by CVE-2014-0760?
- CVE-2014-0760 affects Festo CECX-X-C1 Modular Master Controller with CoDeSys, Festo CECX-X-M1 Modular Controller with CoDeSys and SoftMotion.