CRITICAL🇵🇱 Wersja polska

CVE-2022-30310

CVSS 9.8v3.1pub. 2022-06-13upd. 2024-11-21

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Festo Controller Cecc X M1

    HW
    Festo
    wszystkie wersje
  • Festo Controller Cecc X M1 Firmware

    OS
    Festo
    4.0.14≤ 3.8.14
  • Festo Controller Cecc X M1 Mv

    HW
    Festo
    wszystkie wersje
  • Festo Controller Cecc X M1 Mv Firmware

    OS
    Festo
    4.0.14≤ 3.8.14
  • Festo Controller Cecc X M1 Mv S1

    HW
    Festo
    wszystkie wersje
  • Festo Controller Cecc X M1 Mv S1 Firmware

    OS
    Festo
    4.0.14≤ 3.8.14
  • Festo Controller Cecc X M1 Ys L1

    HW
    Festo
    wszystkie wersje
  • Festo Controller Cecc X M1 Ys L1 Firmware

    OS
    Festo
    ≤ 3.8.14
  • Festo Controller Cecc X M1 Ys L2

    HW
    Festo
    wszystkie wersje
  • Festo Controller Cecc X M1 Ys L2 Firmware

    OS
    Festo
    ≤ 3.8.14
  • Festo Controller Cecc X M1 Y Yjkp

    HW
    Festo
    wszystkie wersje
  • Festo Controller Cecc X M1 Y Yjkp Firmware

    OS
    Festo
    ≤ 3.8.14
  • Festo Servo Press Kit Yjkp

    HW
    Festo
    wszystkie wersje
  • Festo Servo Press Kit Yjkp

    HW
    Festo
    wszystkie wersje
  • Festo Servo Press Kit Yjkp Firmware

    OS
    Festo
    ≤ 3.8.14
  • Festo Servo Press Kit Yjkp Firmware

    OS
    Festo
    ≤ 3.8.14
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2022-3270CRITICAL9.8ten sam produkt

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protoc...

CVE-2022-30308CRITICAL9.8ten sam produkt

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-reques...

CVE-2022-30309CRITICAL9.8ten sam produkt

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-reques...

CVE-2022-30311CRITICAL9.8ten sam produkt

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" ...

CVE-2020-12069HIGH7.8ten sam vendor

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime ...