In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://cert.vde.com/en/advisories/VDE-2022-020/ |
History
Mon, 16 Sep 2024 23:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. |
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published: 2022-06-13T13:45:24.763817Z
Updated: 2024-09-16T23:41:46.855Z
Reserved: 2022-05-06T00:00:00
Link: CVE-2022-30311
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-06-13T14:15:09.300
Modified: 2024-11-21T07:02:33.180
Link: CVE-2022-30311
Redhat
No data.