Vulnerability Details CVE-2022-30309
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2022-30309
-
cpe:2.3:h:festo:controller_cecc-x-m1-mv-s1:-
-
cpe:2.3:h:festo:controller_cecc-x-m1-mv:-
-
cpe:2.3:h:festo:controller_cecc-x-m1-y-yjkp:-
-
cpe:2.3:h:festo:controller_cecc-x-m1-ys-l1:-
-
cpe:2.3:h:festo:controller_cecc-x-m1-ys-l2:-
-
cpe:2.3:h:festo:controller_cecc-x-m1:-
-
cpe:2.3:h:festo:servo_press_kit_yjkp-:-
-
cpe:2.3:h:festo:servo_press_kit_yjkp:-
-
cpe:2.3:o:festo:controller_cecc-x-m1-mv-s1_firmware:-
-
cpe:2.3:o:festo:controller_cecc-x-m1-mv-s1_firmware:3.8.14
-
cpe:2.3:o:festo:controller_cecc-x-m1-mv-s1_firmware:4.0.14
-
cpe:2.3:o:festo:controller_cecc-x-m1-mv_firmware:-
-
cpe:2.3:o:festo:controller_cecc-x-m1-mv_firmware:3.8.14
-
cpe:2.3:o:festo:controller_cecc-x-m1-mv_firmware:4.0.14
-
cpe:2.3:o:festo:controller_cecc-x-m1-y-yjkp_firmware:-
-
cpe:2.3:o:festo:controller_cecc-x-m1-y-yjkp_firmware:3.8.14
-
cpe:2.3:o:festo:controller_cecc-x-m1-ys-l1_firmware:-
-
cpe:2.3:o:festo:controller_cecc-x-m1-ys-l1_firmware:3.8.14
-
cpe:2.3:o:festo:controller_cecc-x-m1-ys-l2_firmware:-
-
cpe:2.3:o:festo:controller_cecc-x-m1-ys-l2_firmware:3.8.14
-
cpe:2.3:o:festo:controller_cecc-x-m1_firmware:-
-
cpe:2.3:o:festo:controller_cecc-x-m1_firmware:3.8.14
-
cpe:2.3:o:festo:controller_cecc-x-m1_firmware:4.0.14
-
cpe:2.3:o:festo:servo_press_kit_yjkp-_firmware:-
-
cpe:2.3:o:festo:servo_press_kit_yjkp-_firmware:3.8.14
-
cpe:2.3:o:festo:servo_press_kit_yjkp_firmware:-
-
cpe:2.3:o:festo:servo_press_kit_yjkp_firmware:3.8.14