CVE-2022-30309
FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
In multiple versions of the Festo Controller CECC-X-M1 product family, the POST request handler of the HTTP endpoint "cecc-x-web-viewer-request-off" does not check the syntax of the port. This can result in unauthorized execution of system commands with root privileges due to improper access control and command injection.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Festo · Controller CECC-X-M1 (4407603)
Festo · Controller CECC-X-M1 (8124922)
Festo · Controller CECC-X-M1-MV (4407605)
Festo · Controller CECC-X-M1-MV (8124923)
Festo · Controller CECC-X-M1-MV-S1 (4407606)
Festo · Controller CECC-X-M1-MV-S1 (8124924)
Festo · Controller CECC-X-M1-YS-L1 (8082793)
Festo · Controller CECC-X-M1-YS-L2 (8082794)
Festo · Controller CECC-X-M1-Y-YJKP (4803891)
Festo · Servo Press Kit YJKP- (8058596)
Festo · Servo Press Kit YJKP (8077950)