In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
History

Mon, 16 Sep 2024 23:45:00 +0000

Type Values Removed Values Added
Description In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-06-13T13:45:24.763817Z

Updated: 2024-09-16T23:41:46.855Z

Reserved: 2022-05-06T00:00:00

Link: CVE-2022-30311

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-06-13T14:15:09.300

Modified: 2024-11-21T07:02:33.180

Link: CVE-2022-30311

cve-icon Redhat

No data.