In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
History

Wed, 20 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 16 Sep 2024 22:30:00 +0000

Type Values Removed Values Added
Description In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-06-13T13:45:23.105104Z

Updated: 2024-11-20T15:21:04.526Z

Reserved: 2022-05-06T00:00:00

Link: CVE-2022-30310

cve-icon Vulnrichment

Updated: 2024-08-03T06:48:35.696Z

cve-icon NVD

Status : Modified

Published: 2022-06-13T14:15:09.227

Modified: 2024-11-21T07:02:33.033

Link: CVE-2022-30310

cve-icon Redhat

No data.