In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://cert.vde.com/en/advisories/VDE-2022-020/ |
History
Mon, 16 Sep 2024 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. |
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published: 2022-06-13T13:45:21.634733Z
Updated: 2024-09-16T22:15:41.158Z
Reserved: 2022-05-06T00:00:00
Link: CVE-2022-30309
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-06-13T14:15:09.163
Modified: 2024-11-21T07:02:32.870
Link: CVE-2022-30309
Redhat
No data.