CVE-2022-30309
13.06.2022, 14:15
In the Festo Controller CECC-X-M1 product family, in multiple versions, the HTTP endpoint "cecc-x-web-viewer-request-off" does not check the port syntax in POST requests. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
Vendor | Product | Version |
---|---|---|
festo | controller_cecc-x-m1_firmware | 𝑥 ≤ 3.8.14 |
festo | controller_cecc-x-m1_firmware | 4.0.14 |
festo | controller_cecc-x-m1-mv_firmware | 𝑥 ≤ 3.8.14 |
festo | controller_cecc-x-m1-mv_firmware | 4.0.14 |
festo | controller_cecc-x-m1-mv-s1_firmware | 𝑥 ≤ 3.8.14 |
festo | controller_cecc-x-m1-mv-s1_firmware | 4.0.14 |
festo | controller_cecc-x-m1-ys-l1_firmware | 𝑥 ≤ 3.8.14 |
festo | controller_cecc-x-m1-ys-l2_firmware | 𝑥 ≤ 3.8.14 |
festo | controller_cecc-x-m1-y-yjkp_firmware | 𝑥 ≤ 3.8.14 |
festo | servo_press_kit_yjkp_firmware | 𝑥 ≤ 3.8.14 |
festo | servo_press_kit_yjkp-_firmware | 𝑥 ≤ 3.8.14 |
𝑥 = Vulnerable software versions