Festo: >> Controller Cecc-X-M1-Ys-L2 Firmware Security Vulnerabilities
In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-12-01
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-06-13
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-06-13
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVSS Score
9.8
EPSS Score
0.011
Published
2022-06-13
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-06-13