CVE-2022-3270

Incomplete Documentation of remote functions in FESTO products.

Description

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.

Category

9.8
CVSS
Severity: Critical
CVSS 3.1 •
EPSS 0.29%
Third-Party Advisory vde.com
Affected: Festo SE Bus module CPX-E-EP
Affected: Festo SE Bus node CPX-FB32
Affected: Festo SE Bus node CPX-FB33
Affected: Festo SE Bus node CPX-FB36
Affected: Festo SE Bus node CPX-FB37
Affected: Festo SE Bus node CPX-FB39
Affected: Festo SE Bus node CPX-FB40
Affected: Festo SE Bus node CPX-FB43
Affected: Festo SE Bus node CPX-M-FB34
Affected: Festo SE Bus node CPX-M-FB35
Affected: Festo SE Bus node CPX-M-FB44
Affected: Festo SE Bus node CPX-M-FB45
Affected: Festo SE Bus node CTEU-EP
Affected: Festo SE Bus node CTEU-PN
Affected: Festo SE Bus node CTEU-PN-EX1C
Affected: Festo SE Camera system CHB-C-N
Affected: Festo SE Compact Vision System SBO*-C-*
Affected: Festo SE Compact Vision System SBO*-M-*
Affected: Festo SE Compact Vision System SBO*-Q-*
Affected: Festo SE Control block CPX-CEC
Affected: Festo SE Control block CPX-CEC-C1
Affected: Festo SE Control block CPX-CEC-C1-V3
Affected: Festo SE Control block CPX-CEC-M1
Affected: Festo SE Control block CPX-CEC-M1-V3
Affected: Festo SE Control block CPX-CEC-S1-V3
Affected: Festo SE Control block CPX-CMXX
Affected: Festo SE Control block CPX-CMXX
Affected: Festo SE Control block CPX-FEC-1-IE
Affected: Festo SE Controller CECC-D
Affected: Festo SE Controller CECC-D-BA
Affected: Festo SE Controller CECC-LK
Affected: Festo SE Controller CECC-S
Affected: Festo SE Controller CECC-X-*
Affected: Festo SE Controller CECX-X-C1
Affected: Festo SE Controller CECX-X-M1
Affected: Festo SE Controller CMXH-ST2-C5-7-DIOP
Affected: Festo SE Controller CPX-E-CEC-*
Affected: Festo SE Controller SBRD-Q
Affected: Festo SE EtherNet/IP interface CPX-AP-I-EP-M12
Affected: Festo SE EtherNet/IP interface CPX-AP-I-PN-M12
Affected: Festo SE Gateway CPX-IOT
Affected: Festo SE Integrated drive EMCA-EC-67-*
Affected: Festo SE Motor controller CMMO-ST-C5-1-DION
Affected: Festo SE Motor controller CMMO-ST-C5-1-DIOP
Affected: Festo SE Motor controller CMMO-ST-C5-1-LKP
Affected: Festo SE Motor controller CMMP-AS-*
Affected: Festo SE Motor controller CMMT-AS-*
Affected: Festo SE Operator unit CDPX-X-A-S-10
Affected: Festo SE Operator unit CDPX-X-A-W-13
Affected: Festo SE Operator unit CDPX-X-A-W-4
Affected: Festo SE Operator unit CDPX-X-A-W-7
Affected: Festo SE Planar surface gantry EXCM-*
Affected: Festo SE Servo drive CMMT-ST-C8-1C-EP-S0
Affected: Festo SE Servo drive CMMT-ST-C8-1C-PN-S0
Affected: Festo SE VTEM-S1-*
Affected: Festo SE Bus module CPX-E-PN
Published at:
Updated at:

References

Link Tags
https://cert.vde.com/en/advisories/VDE-2022-041/ third party advisory

Frequently Asked Questions

What is the severity of CVE-2022-3270?
CVE-2022-3270 has been scored as a critical severity vulnerability.
How to fix CVE-2022-3270?
To fix CVE-2022-3270, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-3270 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-3270 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-3270?
CVE-2022-3270 affects Festo SE Bus module CPX-E-EP, Festo SE Bus node CPX-FB32, Festo SE Bus node CPX-FB33, Festo SE Bus node CPX-FB36, Festo SE Bus node CPX-FB37, Festo SE Bus node CPX-FB39, Festo SE Bus node CPX-FB40, Festo SE Bus node CPX-FB43, Festo SE Bus node CPX-M-FB34, Festo SE Bus node CPX-M-FB35, Festo SE Bus node CPX-M-FB44, Festo SE Bus node CPX-M-FB45, Festo SE Bus node CTEU-EP, Festo SE Bus node CTEU-PN, Festo SE Bus node CTEU-PN-EX1C, Festo SE Camera system CHB-C-N, Festo SE Compact Vision System SBO*-C-*, Festo SE Compact Vision System SBO*-M-*, Festo SE Compact Vision System SBO*-Q-*, Festo SE Control block CPX-CEC, Festo SE Control block CPX-CEC-C1, Festo SE Control block CPX-CEC-C1-V3, Festo SE Control block CPX-CEC-M1, Festo SE Control block CPX-CEC-M1-V3, Festo SE Control block CPX-CEC-S1-V3, Festo SE Control block CPX-CMXX, Festo SE Control block CPX-CMXX, Festo SE Control block CPX-FEC-1-IE, Festo SE Controller CECC-D, Festo SE Controller CECC-D-BA, Festo SE Controller CECC-LK, Festo SE Controller CECC-S, Festo SE Controller CECC-X-*, Festo SE Controller CECX-X-C1, Festo SE Controller CECX-X-M1, Festo SE Controller CMXH-ST2-C5-7-DIOP, Festo SE Controller CPX-E-CEC-*, Festo SE Controller SBRD-Q, Festo SE EtherNet/IP interface CPX-AP-I-EP-M12, Festo SE EtherNet/IP interface CPX-AP-I-PN-M12, Festo SE Gateway CPX-IOT, Festo SE Integrated drive EMCA-EC-67-*, Festo SE Motor controller CMMO-ST-C5-1-DION, Festo SE Motor controller CMMO-ST-C5-1-DIOP, Festo SE Motor controller CMMO-ST-C5-1-LKP, Festo SE Motor controller CMMP-AS-*, Festo SE Motor controller CMMT-AS-*, Festo SE Operator unit CDPX-X-A-S-10, Festo SE Operator unit CDPX-X-A-W-13, Festo SE Operator unit CDPX-X-A-W-4, Festo SE Operator unit CDPX-X-A-W-7, Festo SE Planar surface gantry EXCM-*, Festo SE Servo drive CMMT-ST-C8-1C-EP-S0, Festo SE Servo drive CMMT-ST-C8-1C-PN-S0, Festo SE VTEM-S1-*, Festo SE Bus module CPX-E-PN.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.