In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://cert.vde.com/en/advisories/VDE-2022-020/ |
History
Mon, 16 Sep 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. | In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. |
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published: 2022-06-13T13:45:20.015729Z
Updated: 2024-09-16T22:40:02.831Z
Reserved: 2022-05-06T00:00:00
Link: CVE-2022-30308
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-06-13T14:15:09.097
Modified: 2024-09-16T23:15:55.453
Link: CVE-2022-30308
Redhat
No data.