Festo: >> Controller Cecc-X-M1-Mv-S1 Firmware >> 3.8.14 Security Vulnerabilities
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-06-13
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-06-13
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVSS Score
9.8
EPSS Score
0.009
Published
2022-06-13
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-06-13