Festo MSE6-C2M/D2M/E2M

Summary

The Festo MSE6-C2M/D2M/E2M series has a critical vulnerability (CVE-2023-3634) that allows remote authenticated attackers to exploit undocumented test modes, leading to severe risks including loss of confidentiality, integrity, and availability. This vulnerability has a CVSS score of 8.8, indicating a high severity level and necessitating immediate attention and remediation.

Impact

Affected products include: MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L4-AGD, MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L5-AGD, MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L4-MQ1-AGD, MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L5-MQ1-AGD, MSE6-C2M-5000-FB44-D-M-RG-BAR-AMI-AGD, MSE6-C2M-5000-FB44-D-RG-BAR-AMI-AGD, MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD, MSE6-E2M-5000-FB13-AGD, MSE6-E2M-5000-FB36-AGD, MSE6-E2M-5000-FB37-AGD, MSE6-E2M-5000-FB43-AGD, MSE6-E2M-5000-FB44-AGD. Vendor: Festo SE & Co. KG.

In the Wild

No

Timeline

Disclosed on [date]

Remediation

Festo has updated the user documentation in the next product version to address this issue. Recommended defensive measures include minimizing network exposure for control systems, using firewalls, and using secure remote access methods such as VPNs. Organizations should also perform impact analysis and risk assessments before deploying defensive measures.