CVE-2023-3634

Summary

In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability.

Affected Software

VendorProductVersion RangeStatus
FestoMSE6-C2M-5000-FB36-D-M-RG-BAR-M12L4-AGD*affected
FestoMSE6-C2M-5000-FB36-D-M-RG-BAR-M12L5-AGD*affected
FestoMSE6-C2M-5000-FB43-D-M-RG-BAR-M12L4-MQ1-AGD*affected
FestoMSE6-C2M-5000-FB43-D-M-RG-BAR-M12L5-MQ1-AGD*affected
FestoMSE6-C2M-5000-FB44-D-M-RG-BAR-AMI-AGD*affected
FestoMSE6-C2M-5000-FB44-D-RG-BAR-AMI-AGD*affected
FestoMSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD*affected
FestoMSE6-E2M-5000-FB13-AGD*affected
FestoMSE6-E2M-5000-FB36-AGD*affected
FestoMSE6-E2M-5000-FB37-AGD*affected
FestoMSE6-E2M-5000-FB43-AGD*affected
FestoMSE6-E2M-5000-FB44-AGD*affected

Weaknesses

  • CWE-1242: CWE-1242 Inclusion of Undocumented Features or Chicken Bits

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References