VDB
ICSA-25-273-04
ICSA-25-273-04
PUBLISHED
CVSS 8.100000381469727 HIGH
Successful exploitation of these vulnerabilities could allow an attacker to crash services, escalate privileges, bypass authentication, or gain unauthorized access to sensitive systems and data.
Risk Scores
CVSS v3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Festo Festo Firmware (R06 (11.10.2016) = 2.3.8.1) installed on Festo Hardware Controller CECC-S (All versions): vers:all/* | ||
| Festo Festo Firmware (R05 (17.06.2016) = 2.3.8.0) installed on Festo Hardware Controller CECC-D (All versions): vers:all/* | ||
| Festo Festo Firmware (R06 (11.10.2016) = 2.3.8.1) installed on Festo Hardware Controller CECC-LK (All versions): vers:all/* | ||
| Festo Festo Firmware (R05 (17.06.2016) = 2.3.8.0) installed on Festo Hardware Controller CECC-S (All versions): vers:all/* |
Timeline
- Sep 30, 2025 CVE Published
- Nov 13, 2025 CVE Updated
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-273-04.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf url
- https://www.cisa.gov/uscert/ncas/tips/ST04-014 url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://certvde.com/en/advisories/VDE-2022-022/ fix
- https://festo.csaf-tp.certvde.com/.well-known/csaf/white/2022/fsa-202202.json fix