|
FSA-202305 - Security Advisory - Vulnerable Wibu CodeMeter Runtime in Several Festo Products
A vulnerability in the Wibu CodeMeter Runtime, which is part of the installation packages of several Festo products, was found.
An attacker exploiting the vulnerability in WIBU CodeMeter Runtime in server mode could gain full access to the affected server via network access without any user interaction. This could lead to remote code execution and escalation of privileges giving full admin access on the host system for an already authenticated user (logged in locally to the PC).
|
1.1.0
|
Security Advisory
|
|
FSA-202302 - Security Advisory - Several Vulnerabilities in FactoryViews < 1.6.0
FactoryViews bundles many third-party applications which are used in background processes to provide the software's features. From time to time, vulnerabilities in these bundled applications are discovered. These are typically fixed in newer versions of FactoryViews by updating the bundled applications.
The vulnerabilities covered by this advisory have a broad range of impacts ranging from denial-of-service to disclosure or manipulation/deletion of information. Given the intended purpose of FactoryViews as a didactic tool in controlled lab environments, separate from productive systems, it never comes into contact with sensitive information. Therefore the impact is reduced to limited availability of the system. To further reduce the risk due to loss of information, users should make use of the built-in backup feature to safeguard important configurations needed for lessons.
|
1.0.1
|
Security Advisory
|
|
FSA-202303 - Security Advisory - Vulnerable Siemens TIA-Portal in several Festo Didactic Products
A vulnerability was reported in Siemens TIA Portal. TIA Portal is part of the installation packages of several Festo Didactic products.
TP 260 before June 2023 and MES PC based on DELL XE3 contain vulnerable versions of TIA Portal V15 to V18.
Affected products of TIA Portal contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system.
|
1.0.0
|
Security Advisory
|
|
FSA-202402 - Security Advisory - Several Vulnerabilities in MES PC (Windows 10)
MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newer versions of XAMPP by updating the bundled applications.
MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 such vulnerabilities listed in this advisory. They can be fixed by replacing XAMPP with Festo Didactic's Factory Control Panel application.
The vulnerabilities covered by this advisory have a broad range of impacts ranging from denial-of-service to disclosure or manipulation/deletion of information.
Given the intended usage of MES PCs for didactic purposes in controlled lab environments, separate from productive systems, they never come into contact with sensitive information. Therefore the impact is reduced to limited availability of the system.
|
1.0.0
|
Security Advisory
|
|
FSA-202405 – Security Advisory - Siemens S7-1500/ET200SP CPU used in Festo Didactic products contain a memory protection bypass vulnerability
Siemens SIMATIC S7-1200 and S7-1500 CPUs have a memory protection bypass vulnerability
Siemens SIMATIC S7-1200 and S7-1500 CPUs contained in various Festo Didactic products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
|
1.0.0
|
Security Advisory
|
|
REACh EC Regulation 1907/2006/EC (REACh) - Festo Didactic SE
Registration, Evaluation, Authorization and Restriction of Chemicals
|
|
Application Note
|