CRITICAL🇬🇧 English

CVE-2022-30311

CVSS 9.8v3.1pub. 2022-06-13upd. 2024-11-21

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Festo Controller Cecc X M1

    HW
    Festo
    wszystkie wersje
  • Festo Controller Cecc X M1 Firmware

    OS
    Festo
    4.0.14≤ 3.8.14
  • Festo Controller Cecc X M1 Mv

    HW
    Festo
    wszystkie wersje
  • Festo Controller Cecc X M1 Mv Firmware

    OS
    Festo
    4.0.14≤ 3.8.14
  • Festo Controller Cecc X M1 Mv S1

    HW
    Festo
    wszystkie wersje
  • Festo Controller Cecc X M1 Mv S1 Firmware

    OS
    Festo
    4.0.14≤ 3.8.14
  • Festo Controller Cecc X M1 Ys L1

    HW
    Festo
    wszystkie wersje
  • Festo Controller Cecc X M1 Ys L1 Firmware

    OS
    Festo
    ≤ 3.8.14
  • Festo Controller Cecc X M1 Ys L2

    HW
    Festo
    wszystkie wersje
  • Festo Controller Cecc X M1 Ys L2 Firmware

    OS
    Festo
    ≤ 3.8.14
  • Festo Controller Cecc X M1 Y Yjkp

    HW
    Festo
    wszystkie wersje
  • Festo Controller Cecc X M1 Y Yjkp Firmware

    OS
    Festo
    ≤ 3.8.14
  • Festo Servo Press Kit Yjkp

    HW
    Festo
    wszystkie wersje
  • Festo Servo Press Kit Yjkp

    HW
    Festo
    wszystkie wersje
  • Festo Servo Press Kit Yjkp Firmware

    OS
    Festo
    ≤ 3.8.14
  • Festo Servo Press Kit Yjkp Firmware

    OS
    Festo
    ≤ 3.8.14
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2022-3270CRITICAL9.8ten sam produkt

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protoc...

CVE-2022-30308CRITICAL9.8ten sam produkt

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-reques...

CVE-2022-30309CRITICAL9.8ten sam produkt

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-reques...

CVE-2022-30310CRITICAL9.8ten sam produkt

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" ...

CVE-2020-12069HIGH7.8ten sam vendor

In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime ...

CVE-2022-30311 — CRITICAL 9.8 | CVEbaza.pl