VulnHub

Real-time Cybersecurity News

Festo Compact Vision System, Control Block, Controller, and Operator Unit products

All CISA Advisories
PhishingCVEVulnerabilityUpdateCritical

Overview

The Festo Compact Vision System and related products have critical vulnerabilities that could allow unauthorized access and modification of configuration files, with a CVSS score of up to 9.8. Users are urged to implement security measures to mitigate the risk of exploitation, as these vulnerabilities could severely impact device security and integrity.

Key Takeaways

  • Affected Systems: Affected products include: Festo Software Compact Vision System (All Versions), Control blocks (CPX-CEC-C1 Codesys V2, CPX-CEC-C1-V3 Codesys V3, CPX-CEC Codesys V2, CPX-CEC-M1 Codesys V2, CPX-CEC-M1-V3 Codesys V3, CPX-CEC-S1-V3 Codesys V3, CPX-CMXX), Controllers (CECC-D, CECC-D-BA, CECC-D-CS, CECC-LK, CECC-S, CECC-X-M1, CECC-X-M1-MV, CECC-X-M1-S1, CECX-X-C1, CECX-X-M1, CPX-E-CEC-C1, CPX-E-CEC-C1-EP, CPX-E-CEC-C1-PN, CPX-E-CEC-M1, CPX-E-CEC-M1-EP, CPX-E-CEC-M1-PN, FED-CEC), and Operator units (CDPX-X-A-S-10, CDPX-X-A-W-13, CDPX-X-A-W-4, CDPX-X-A-W-7, CDPX-X-E1-W-10, CDPX-X-E1-W-15, CDPX-X-E1-W-7). Vendor: Festo.
  • Action Required: For CVE-2022-22515: Use online user management to prevent unauthorized access.
  • Timeline: Disclosed on November 25, 2025

Original Article Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Festo Equipment: Compact Vision System, Control Block, Controller, and Operator Unit products Vulnerabilities: Exposure of Resource to Wrong Sphere, Initialization of a Resource with an Insecure Default 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker accessing devices without authentication or modifying configuration files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Festo reports that the following products are affected: Festo Software Compact Vision System SBO-Q-: All Versions Festo Software Control block CPX-CEC-C1 Codesys V2: All Versions Festo Software Control block CPX-CEC-C1-V3 Codesys V3: All Versions Festo Software Control block CPX-CEC Codesys V2: All Versions Festo Software Control block CPX-CEC-M1 Codesys V2: All Versions Festo Software Control block CPX-CEC-M1-V3 Codesys V3: All Versions Festo Software Control block CPX-CEC-S1-V3 Codesys V3: All Versions Festo Software Control block CPX-CMXX: All Versions Festo Software Controller CECC-D: All Versions Festo Software Controller CECC-D-BA: All Versions Festo Software Controller CECC-D-CS: All Versions Festo Software Controller CECC-LK: All Versions Festo Software Controller CECC-S: All Versions Festo Software Controller CECC-X-M1: All Versions Festo Software Controller CECC-X-M1-MV: All Versions Festo Software Controller CECC-X-M1-S1: All Versions Festo Software Controller CECX-X-C1: All Versions Festo Software Controller CECX-X-M1: All Versions Festo Software Controller CPX-E-CEC-C1: All Versions Festo Software Controller CPX-E-CEC-C1-EP: All Versions Festo Software Controller CPX-E-CEC-C1-PN: All Versions Festo Software Controller CPX-E-CEC-M1: All Versions Festo Software Controller CPX-E-CEC-M1-EP: All Versions Festo Software Controller CPX-E-CEC-M1-PN: All Versions Festo Software Controller FED-CEC: All Versions Festo Software Operator unit CDPX-X-A-S-10: All Versions Festo Software Operator unit CDPX-X-A-W-13: All Versions Festo Software Operator unit CDPX-X-A-W-4: All Versions Festo Software Operator unit CDPX-X-A-W-7: All Versions Festo Software Operator unit CDPX-X-E1-W-10: All Versions Festo Software Operator unit CDPX-X-E1-W-15: All Versions Festo Software Operator unit CDPX-X-E1-W-7: All Versions 3.2 VULNERABILITY OVERVIEW 3.2.1 EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668 A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. CVE-2022-22515 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). 3.2.2 INITIALIZATION OF A RESOURCE WITH AN INSECURE DEFAULT CWE-1188 In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller. CVE-2022-31806 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Germany 3.4 RESEARCHER CERT@VDE coordinated and supported publication with Festo. Rob Hulsebos and Daniel dos Santos of Forescout reported this vulnerability to Festo. 4. MITIGATIONS Festo has identified the following specific workarounds and mitigations users can apply to reduce risk: For CVE-2022-22515: Using the online user management prevents an attacker from downloading and executing malicious code, but also suppresses start, stop, debug, or other actions on a known working application that could potentially disrupt a machine or system. For CVE-2022-31806: Enable password protection at login in case no password is set at the controller. Please note that the password configuration file is not covered via default FFT backup & Restore mechanism, you must select the related file manually. For more information see the associated Festo SE & Co. KG security advisory FSA-202208 FSA-202208: Festo: Multiple Festo products contain an unsafe default Codesys configuration - HTML, FSA-202208: Festo: Multiple Festo products contain an unsafe default Codesys configuration - CSAF. CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. 5. UPDATE HISTORY November 25, 2025: Initial Republication of Festo SE & Co. KG FSA-202208

Impact

Affected products include: Festo Software Compact Vision System (All Versions), Control blocks (CPX-CEC-C1 Codesys V2, CPX-CEC-C1-V3 Codesys V3, CPX-CEC Codesys V2, CPX-CEC-M1 Codesys V2, CPX-CEC-M1-V3 Codesys V3, CPX-CEC-S1-V3 Codesys V3, CPX-CMXX), Controllers (CECC-D, CECC-D-BA, CECC-D-CS, CECC-LK, CECC-S, CECC-X-M1, CECC-X-M1-MV, CECC-X-M1-S1, CECX-X-C1, CECX-X-M1, CPX-E-CEC-C1, CPX-E-CEC-C1-EP, CPX-E-CEC-C1-PN, CPX-E-CEC-M1, CPX-E-CEC-M1-EP, CPX-E-CEC-M1-PN, FED-CEC), and Operator units (CDPX-X-A-S-10, CDPX-X-A-W-13, CDPX-X-A-W-4, CDPX-X-A-W-7, CDPX-X-E1-W-10, CDPX-X-E1-W-15, CDPX-X-E1-W-7). Vendor: Festo.

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Disclosed on November 25, 2025

Remediation

For CVE-2022-22515: Use online user management to prevent unauthorized access. For CVE-2022-31806: Enable password protection at login if no password is set. Note that the password configuration file must be manually selected for backup as it is not included in the default FFT backup & Restore mechanism. CISA recommends minimizing network exposure for control systems, using firewalls, and employing secure remote access methods like VPNs.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Phishing, CVE, Vulnerability, and 2 more.

Read Original Article

Related Coverage

Report: Data extortion intrusions spike

SCM feed for Latest

In 2024, cyberattacks involving data extortion surged to 6,800 incidents, marking a significant 63% increase from the previous year. This rise has been largely driven by the intensified activities of ransomware groups such as Qilin, Sp1d3r Hunters, and Clop. These groups are known for stealing sensitive data and then threatening to release it unless a ransom is paid. This trend poses serious risks to organizations across various sectors as they face increasing pressure to protect their data and respond to extortion demands. Companies must enhance their cybersecurity measures to mitigate these risks and safeguard their sensitive information from being exploited by cybercriminals.

Feb 13, 2026

Toll of Georgia health firm hack exceeds 620K

SCM feed for Latest

ApolloMD, a major healthcare firm based in Georgia with operations across the U.S., disclosed a significant data breach affecting over 626,000 patients. The incident, which occurred in May, was attributed to the Qilin ransomware group. Compromised information includes sensitive data, which raises serious concerns about patient privacy and potential identity theft. As healthcare organizations increasingly face cyber threats, this breach serves as a troubling reminder of the vulnerabilities within the sector. Patients and providers alike need to be vigilant about safeguarding personal information and responding to potential fallout from such attacks.

Feb 13, 2026

UK government faces IT hurdles in preventing sensitive data leaks

SCM feed for Latest

The UK government's Science, Innovation and Technology Committee recently questioned ministers about the challenges of preventing sensitive data leaks, particularly in light of a recent incident involving the Ministry of Defence (MoD). In this case, sensitive information was accidentally exposed, putting Afghan informants at risk. This incident raises serious concerns about data security practices within government departments. The committee is focused on ensuring that such lapses do not occur again, especially given the potential dangers to individuals who have assisted UK forces. The discussion highlights the urgent need for better safeguards to protect sensitive data in government systems.

Feb 13, 2026

Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy — Again

darkreading

Recent zero-day vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM) have sparked renewed concern among cybersecurity experts. These flaws, which can be exploited by attackers, could potentially compromise sensitive data in mobile devices managed by the software. Organizations using EPMM must act quickly to secure their systems, as these vulnerabilities are already being exploited in the wild. Experts are urging a shift away from simply applying patches and towards more robust security measures, including better authentication controls and reducing unnecessary public interfaces. The urgency of the situation emphasizes the need for businesses to prioritize security and stay updated with the latest patches and practices.

Feb 12, 2026

Critical BeyondTrust RCE flaw now exploited in attacks, patch now

BleepingComputer

A serious vulnerability has been discovered in BeyondTrust Remote Support and Privileged Remote Access appliances, allowing attackers to execute code remotely without authentication. This flaw has become a target for exploitation after a proof-of-concept (PoC) was made publicly available. Organizations using these systems should be particularly vigilant, as the flaw can lead to unauthorized access and potential data breaches. BeyondTrust has released patches to address this issue, and it’s crucial for users to apply these updates promptly to protect their systems. The urgency of this situation highlights the need for proactive security measures in remote access technologies.

Feb 12, 2026

Gone With the Shame: One in Two Americans Are Reluctant to Talk About Romance Scam Incidents

darkreading

As Valentine's Day approaches, a new report reveals that men are nearly twice as likely as women to fall victim to romance scams. These scams typically involve fraudsters posing as potential romantic partners online, often leading to significant financial losses for victims. The reluctance to discuss these incidents is prevalent, with many individuals feeling ashamed or embarrassed about being scammed. This silence can hinder awareness and prevention efforts, making it crucial for people to openly share their experiences. Given the emotional and financial toll these scams can take, men should be particularly vigilant this Valentine's Day to avoid falling prey to such deceitful tactics.

Feb 12, 2026