In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
History

Mon, 16 Sep 2024 22:30:00 +0000

Type Values Removed Values Added
Description In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-06-13T13:45:21.634733Z

Updated: 2024-09-16T22:15:41.158Z

Reserved: 2022-05-06T00:00:00

Link: CVE-2022-30309

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-06-13T14:15:09.163

Modified: 2024-09-16T23:15:55.617

Link: CVE-2022-30309

cve-icon Redhat

No data.