CVSS 9.33 sources verified·1 min read
By Lyrie Threat Intelligence·5/6/2026
CRITICAL: CVE-2014-0760 (CVSS 9.3) — 3s-software codesys runtime system
CVE: CVE-2014-0760
CVSS: 9.3 (2.0) — AV:N/AC:M/Au:N/C:C/I:C/A:C
Severity: CRITICAL
Status: Critical advisory
Affected
- 3s-software codesys runtime system
- festo cecx-x-c1 modular master controller
- softmotion3d softmotion
- festo cecx-x-m1 modular controller
Summary
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1
Modular Controller with CoDeSys and SoftMotion provide an undocumented
access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application
crash) via unspecified vectors.
Verified Sources
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-084-01
- http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01
_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._
Lyrie Verdict
A vulnerability of this severity is exactly what Lyrie's anti-rogue-AI defense is built for: continuous, autonomous monitoring that doesn't wait for human reaction time.
Validated sources
- [1]NVD
- [2]GitHub Advisory
- [3]MITRE