Description
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability.
Published: 2026-04-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Complete System Compromise
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is caused by incomplete user documentation that lets a remote authenticated, low‑privileged user invoke undocumented test‑mode functions on Festo MSE6 devices, potentially leading to a total loss of confidentiality, integrity, and availability. This weakness is identified as CWE‑1242.

Affected Systems

Affected products are the Festo MSE6‑C2M 5000 family with firmware variants FB36, FB43, and FB44; the MSE6‑D2M 5000 CBUS‑S series; and the MSE6‑E2M 5000 line with firmware FB13, FB36, FB37, FB43, and FB44. No further version ranges are specified beyond these firmware identifiers.

Risk and Exploitability

With a CVSS base score of 8.8 the issue is classified as high severity, and the EPSS score is not available. It is not listed in the CISA KEV catalog. Exploitation requires remote authentication at a low‑privileged level, meaning that legitimate users with limited access could potentially activate hidden test functions and compromise the entire system. The undocumented nature of the functions does not reduce the risk; a properly authenticated attacker can immediately use the functions and cause full system compromise.

Generated by OpenCVE AI on April 16, 2026 at 08:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the latest firmware update or patch from Festo that addresses the undocumented test‑mode functions.
  • Remove or restrict low‑privileged user accounts from having access to the device’s management interface, applying the principle of least privilege.
  • Block network traffic to the device’s test‑mode or management ports using firewall rules or network segmentation to prevent remote invocation.
  • Monitor device logs for any use of test‑mode functions and investigate anomalous activity promptly.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:15:00 +0000

Values added (no values removed):

  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Apr 2026 09:30:00 +0000

Values added (no values removed):

  • First Time appeared:
      Festo mse6-c2m-5000-fb36-d-m-rg-bar-m12l4-agd
      Festo mse6-c2m-5000-fb36-d-m-rg-bar-m12l5-agd
      Festo mse6-c2m-5000-fb43-d-m-rg-bar-m12l4-mq1-agd
      Festo mse6-c2m-5000-fb43-d-m-rg-bar-m12l5-mq1-agd
      Festo mse6-c2m-5000-fb44-d-m-rg-bar-ami-agd
      Festo mse6-c2m-5000-fb44-d-rg-bar-ami-agd
      Festo mse6-d2m-5000-cbus-s-rg-bar-vcb-agd
      Festo mse6-e2m-5000-fb13-agd
      Festo mse6-e2m-5000-fb36-agd
      Festo mse6-e2m-5000-fb37-agd
      Festo mse6-e2m-5000-fb43-agd
      Festo mse6-e2m-5000-fb44-agd
  • Vendors & Products:
      Festo mse6-c2m-5000-fb36-d-m-rg-bar-m12l4-agd
      Festo mse6-c2m-5000-fb36-d-m-rg-bar-m12l5-agd
      Festo mse6-c2m-5000-fb43-d-m-rg-bar-m12l4-mq1-agd
      Festo mse6-c2m-5000-fb43-d-m-rg-bar-m12l5-mq1-agd
      Festo mse6-c2m-5000-fb44-d-m-rg-bar-ami-agd
      Festo mse6-c2m-5000-fb44-d-rg-bar-ami-agd
      Festo mse6-d2m-5000-cbus-s-rg-bar-vcb-agd
      Festo mse6-e2m-5000-fb13-agd
      Festo mse6-e2m-5000-fb36-agd
      Festo mse6-e2m-5000-fb37-agd
      Festo mse6-e2m-5000-fb43-agd
      Festo mse6-e2m-5000-fb44-agd

Thu, 16 Apr 2026 05:00:00 +0000

Values added (no values removed):

  • Description: In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability.
  • Title: Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions
  • First Time appeared:
      Festo
      Festo mse6-c2m-5000-fb36-d-m-rg-bar-m12l4-agd Firmware
      Festo mse6-c2m-5000-fb36-d-m-rg-bar-m12l5-agd Firmware
      Festo mse6-c2m-5000-fb43-d-m-rg-bar-m12l4-mq1-agd Firmware
      Festo mse6-c2m-5000-fb43-d-m-rg-bar-m12l5-mq1-agd Firmware
      Festo mse6-c2m-5000-fb44-d-m-rg-bar-ami-agd Firmware
      Festo mse6-c2m-5000-fb44-d-rg-bar-ami-agd Firmware
      Festo mse6-d2m-5000-cbus-s-rg-bar-vcb-agd Firmware
      Festo mse6-e2m-5000-fb13-agd Firmware
      Festo mse6-e2m-5000-fb36-agd Firmware
      Festo mse6-e2m-5000-fb37-agd Firmware
      Festo mse6-e2m-5000-fb43-agd Firmware
      Festo mse6-e2m-5000-fb44-agd Firmware
  • Weaknesses: CWE-1242
  • CPEs:
      cpe:2.3:o:festo:mse6-c2m-5000-fb36-d-m-rg-bar-m12l4-agd_firmware:*:*:*:*:*:*:*:*
      cpe:2.3:o:festo:mse6-c2m-5000-fb36-d-m-rg-bar-m12l5-agd_firmware:*:*:*:*:*:*:*:*
      cpe:2.3:o:festo:mse6-c2m-5000-fb43-d-m-rg-bar-m12l4-mq1-agd_firmware:*:*:*:*:*:*:*:*
      cpe:2.3:o:festo:mse6-c2m-5000-fb43-d-m-rg-bar-m12l5-mq1-agd_firmware:*:*:*:*:*:*:*:*
      cpe:2.3:o:festo:mse6-c2m-5000-fb44-d-m-rg-bar-ami-agd_firmware:*:*:*:*:*:*:*:*
      cpe:2.3:o:festo:mse6-c2m-5000-fb44-d-rg-bar-ami-agd_firmware:*:*:*:*:*:*:*:*
      cpe:2.3:o:festo:mse6-d2m-5000-cbus-s-rg-bar-vcb-agd_firmware:*:*:*:*:*:*:*:*
      cpe:2.3:o:festo:mse6-e2m-5000-fb13-agd_firmware:*:*:*:*:*:*:*:*
      cpe:2.3:o:festo:mse6-e2m-5000-fb36-agd_firmware:*:*:*:*:*:*:*:*
      cpe:2.3:o:festo:mse6-e2m-5000-fb37-agd_firmware:*:*:*:*:*:*:*:*
      cpe:2.3:o:festo:mse6-e2m-5000-fb43-agd_firmware:*:*:*:*:*:*:*:*
      cpe:2.3:o:festo:mse6-e2m-5000-fb44-agd_firmware:*:*:*:*:*:*:*:*
  • Vendors & Products:
      Festo
      Festo mse6-c2m-5000-fb36-d-m-rg-bar-m12l4-agd Firmware
      Festo mse6-c2m-5000-fb36-d-m-rg-bar-m12l5-agd Firmware
      Festo mse6-c2m-5000-fb43-d-m-rg-bar-m12l4-mq1-agd Firmware
      Festo mse6-c2m-5000-fb43-d-m-rg-bar-m12l5-mq1-agd Firmware
      Festo mse6-c2m-5000-fb44-d-m-rg-bar-ami-agd Firmware
      Festo mse6-c2m-5000-fb44-d-rg-bar-ami-agd Firmware
      Festo mse6-d2m-5000-cbus-s-rg-bar-vcb-agd Firmware
      Festo mse6-e2m-5000-fb13-agd Firmware
      Festo mse6-e2m-5000-fb36-agd Firmware
      Festo mse6-e2m-5000-fb37-agd Firmware
      Festo mse6-e2m-5000-fb43-agd Firmware
      Festo mse6-e2m-5000-fb44-agd Firmware
  • References:
  • Metrics: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-04-16T13:51:55.114Z

Reserved: 2023-07-12T12:07:06.056Z

Link: CVE-2023-3634

Vulnrichment

Updated: 2026-04-16T13:51:30.706Z

NVD

Status: Awaiting Analysis

Published: 2026-04-16T05:16:12.090

Modified: 2026-04-17T15:38:09.243

Link: CVE-2023-3634

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T09:11:53Z
