In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://cert.vde.com/en/advisories/VDE-2022-020/ |
History
Wed, 20 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 16 Sep 2024 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. |
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published: 2022-06-13T13:45:23.105104Z
Updated: 2024-11-20T15:21:04.526Z
Reserved: 2022-05-06T00:00:00
Link: CVE-2022-30310
Vulnrichment
Updated: 2024-08-03T06:48:35.696Z
NVD
Status : Modified
Published: 2022-06-13T14:15:09.227
Modified: 2024-11-21T07:02:33.033
Link: CVE-2022-30310
Redhat
No data.