CVE-2022-30310

In multiple versions of the Festo Controller CECC-X-M1 product family, the POST request to the HTTP endpoint "cecc-x-acknerr-request" doesn't check for port syntax. Because of improper access control, this can result in command injection and unauthorized execution of system commands with root privileges.
References
Link Resource
https://cert.vde.com/en/advisories/VDE-2022-020/ Vendor Advisory

Configurations

Configuration 1

AND
OR cpe:2.3:o:festo:controller_cecc-x-m1_firmware:4.0.14:*:*:*:*:*:*:*
cpe:2.3:o:festo:controller_cecc-x-m1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:festo:controller_cecc-x-m1:-:*:*:*:*:*:*:*

Configuration 2

AND
OR cpe:2.3:o:festo:controller_cecc-x-m1-mv_firmware:4.0.14:*:*:*:*:*:*:*
cpe:2.3:o:festo:controller_cecc-x-m1-mv_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:festo:controller_cecc-x-m1-mv:-:*:*:*:*:*:*:*

Configuration 3

AND
OR cpe:2.3:o:festo:controller_cecc-x-m1-mv-s1_firmware:4.0.14:*:*:*:*:*:*:*
cpe:2.3:o:festo:controller_cecc-x-m1-mv-s1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:festo:controller_cecc-x-m1-mv-s1:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:festo:controller_cecc-x-m1-ys-l1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:festo:controller_cecc-x-m1-ys-l1:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:festo:controller_cecc-x-m1-ys-l2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:festo:controller_cecc-x-m1-ys-l2:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:festo:controller_cecc-x-m1-y-yjkp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:festo:controller_cecc-x-m1-y-yjkp:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:festo:servo_press_kit_yjkp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:festo:servo_press_kit_yjkp:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:festo:servo_press_kit_yjkp-_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:festo:servo_press_kit_yjkp-:-:*:*:*:*:*:*:*

Information

Published : 2022-06-13 07:15

Updated : 2022-09-13 14:32


NVD link : CVE-2022-30310

Mitre link : CVE-2022-30310



CWE
CWE-863

Incorrect Authorization


Products Affected

festo

  • controller_cecc-x-m1-mv
  • servo_press_kit_yjkp-
  • controller_cecc-x-m1_firmware
  • controller_cecc-x-m1-ys-l1_firmware
  • controller_cecc-x-m1-ys-l2
  • servo_press_kit_yjkp_firmware
  • servo_press_kit_yjkp-_firmware
  • controller_cecc-x-m1-mv-s1_firmware
  • controller_cecc-x-m1-y-yjkp
  • controller_cecc-x-m1-ys-l1
  • controller_cecc-x-m1-mv_firmware
  • controller_cecc-x-m1-y-yjkp_firmware
  • controller_cecc-x-m1-mv-s1
  • controller_cecc-x-m1-ys-l2_firmware
  • controller_cecc-x-m1
  • servo_press_kit_yjkp