Vulnerability Details CVE-2022-30308
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2022-30308
-
cpe:2.3:h:festo:controller_cecc-x-m1-mv-s1:-
-
cpe:2.3:h:festo:controller_cecc-x-m1-mv:-
-
cpe:2.3:h:festo:controller_cecc-x-m1-y-yjkp:-
-
cpe:2.3:h:festo:controller_cecc-x-m1-ys-l1:-
-
cpe:2.3:h:festo:controller_cecc-x-m1-ys-l2:-
-
cpe:2.3:h:festo:controller_cecc-x-m1:-
-
cpe:2.3:h:festo:servo_press_kit_yjkp-:-
-
cpe:2.3:h:festo:servo_press_kit_yjkp:-
-
cpe:2.3:o:festo:controller_cecc-x-m1-mv-s1_firmware:-
-
cpe:2.3:o:festo:controller_cecc-x-m1-mv-s1_firmware:3.8.14
-
cpe:2.3:o:festo:controller_cecc-x-m1-mv-s1_firmware:4.0.14
-
cpe:2.3:o:festo:controller_cecc-x-m1-mv_firmware:-
-
cpe:2.3:o:festo:controller_cecc-x-m1-mv_firmware:3.8.14
-
cpe:2.3:o:festo:controller_cecc-x-m1-mv_firmware:4.0.14
-
cpe:2.3:o:festo:controller_cecc-x-m1-y-yjkp_firmware:-
-
cpe:2.3:o:festo:controller_cecc-x-m1-y-yjkp_firmware:3.8.14
-
cpe:2.3:o:festo:controller_cecc-x-m1-ys-l1_firmware:-
-
cpe:2.3:o:festo:controller_cecc-x-m1-ys-l1_firmware:3.8.14
-
cpe:2.3:o:festo:controller_cecc-x-m1-ys-l2_firmware:-
-
cpe:2.3:o:festo:controller_cecc-x-m1-ys-l2_firmware:3.8.14
-
cpe:2.3:o:festo:controller_cecc-x-m1_firmware:-
-
cpe:2.3:o:festo:controller_cecc-x-m1_firmware:3.8.14
-
cpe:2.3:o:festo:controller_cecc-x-m1_firmware:4.0.14
-
cpe:2.3:o:festo:servo_press_kit_yjkp-_firmware:-
-
cpe:2.3:o:festo:servo_press_kit_yjkp-_firmware:3.8.14
-
cpe:2.3:o:festo:servo_press_kit_yjkp_firmware:-
-
cpe:2.3:o:festo:servo_press_kit_yjkp_firmware:3.8.14