In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
History

Mon, 16 Sep 2024 22:45:00 +0000

Type Values Removed Values Added
Description In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-06-13T13:45:20.015729Z

Updated: 2024-09-16T22:40:02.831Z

Reserved: 2022-05-06T00:00:00

Link: CVE-2022-30308

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-06-13T14:15:09.097

Modified: 2024-11-21T07:02:32.717

Link: CVE-2022-30308

cve-icon Redhat

No data.