CVE-2022-3270
CRITICALCVSS 9.8/10EPSS 1.05%
Last modified
CVE-2022-3270 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. . EPSS estimates a 1.05% chance of exploitation in the next 30 days.
Description
In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Festo | Bus Module Cpx-E-Ep Firmware | All versions |
| Festo | Bus Node Cpx-Fb32 Firmware | All versions |
| Festo | Bus Node Cpx-Fb33 Firmware | All versions |
| Festo | Bus Node Cpx-Fb36 Firmware | All versions |
| Festo | Bus Node Cpx-Fb37 Firmware | All versions |
| Festo | Bus Node Cpx-Fb39 Firmware | All versions |
| Festo | Bus Node Cpx-Fb40 Firmware | All versions |
| Festo | Bus Node Cpx-Fb43 Firmware | All versions |
| Festo | Bus Node Cpx-M-Fb34 Firmware | All versions |
| Festo | Bus Node Cpx-M-Fb35 Firmware | All versions |
| Festo | Bus Node Cpx-M-Fb44 Firmware | All versions |
| Festo | Bus Node Cpx-M-Fb45 Firmware | All versions |
| Festo | Bus Node Cteu-Ep Firmware | All versions |
| Festo | Bus Node Cteu-Pn Firmware | All versions |
| Festo | Bus Node Cteu-Pn-Ex1c Firmware | All versions |
| Festo | Camera System Chb-C-N Firmware | All versions |
| Festo | Cecx-X-C1 Modular Master Controller Firmware | All versions |
| Festo | Cecx-X-M1 Modular Controller Firmware | All versions |
| Festo | Compact Vision System Sboc-C Firmware | All versions |
| Festo | Compact Vision System Sboc-M Firmware | All versions |
| Festo | Compact Vision System Sboc-Q Firmware | All versions |
| Festo | Compact Vision System Sboi-C Firmware | All versions |
| Festo | Compact Vision System Sboi-M Firmware | All versions |
| Festo | Compact Vision System Sboi-Q Firmware | All versions |
| Festo | Control Block Cpx-Cec Firmware | All versions |
| Festo | Control Block Cpx-Cec-C1 Firmware | All versions |
| Festo | Control Block Cpx-Cec-C1-V3 Firmware | All versions |
| Festo | Control Block Cpx-Cec-M1 Firmware | All versions |
| Festo | Control Block Cpx-Cec-M1-V3 Firmware | All versions |
| Festo | Control Block Cpx-Cec-S1-V3 Firmware | All versions |
| Festo | Control Block Cpx-Cmxx Firmware | All versions |
| Festo | Control Block Cpx-Fec-1-Ie Firmware | All versions |
| Festo | Controller Cecc-D Firmware | All versions |
| Festo | Controller Cecc-D-Ba Firmware | All versions |
| Festo | Controller Cecc-Lk Firmware | All versions |
| Festo | Controller Cecc-S Firmware | All versions |
| Festo | Controller Cecc-X-M1 Firmware | All versions |
| Festo | Controller Cecc-X-M1-Mv Firmware | All versions |
| Festo | Controller Cecc-X-M1-Mv-S1 Firmware | All versions |
| Festo | Controller Cecc-X-M1-Y-Yjkp Firmware | All versions |
| Festo | Controller Cecc-X-M1-Ys-L1 Firmware | All versions |
| Festo | Controller Cecc-X-M1-Ys-L2 Firmware | All versions |
| Festo | Controller Cmxh-St2-C5-7-Diop Firmware | All versions |
| Festo | Controller Sbrd-Q Firmware | All versions |
| Festo | Ethernet\/Ip Interface Cpx-Ap-I-Ep-M12 Firmware | All versions |
| Festo | Ethernet\/Ip Interface Cpx-Ap-I-Pn-M12 Firmware | All versions |
| Festo | Gateway Cpx-Iot Firmware | All versions |
| Festo | Integrated Drive Emca-Ec-67 Firmware | All versions |
| Festo | Integrated Drive Emca-Ec-67-M-1te-Ep Firmware | All versions |
| Festo | Motor Controller Cmmo-St-C5-1-Dion Firmware | All versions |
Showing 50 of 99 affected configurations. See NVD for the full list.
References
- https://cert.vde.com/en/advisories/VDE-2022-041/Third Party Advisory
- https://cert.vde.com/en/advisories/VDE-2022-041/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-3270?
In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.
How severe is CVE-2022-3270?
CVE-2022-3270 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.05% probability of exploitation in the next 30 days.
How do I fix CVE-2022-3270?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2022-3270?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST