CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 0CVE-2022-30311 – FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
https://notcve.org/view.php?id=CVE-2022-30311
13 Jun 2022 — In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. En la familia de productos CECC-X-M1 de Festo en varias versiones, la petición POST del endpoint http "cecc-x-refresh-request" no comprueba la sintaxis del puerto. Esto puede resultar en una ejecución no autorizada de comandos... • https://cert.vde.com/en/advisories/VDE-2022-020 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 1%CPEs: 19EXPL: 0CVE-2022-30310 – FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
https://notcve.org/view.php?id=CVE-2022-30310
13 Jun 2022 — In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. En la familia de productos CECC-X-M1 de Festo en varias versiones, la petición POST del endpoint http "cecc-x-acknerr-request" no comprueba la sintaxis del puerto. Esto puede resultar en una ejecución no autorizada de comandos... • https://cert.vde.com/en/advisories/VDE-2022-020 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 0CVE-2022-30309 – FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
https://notcve.org/view.php?id=CVE-2022-30309
13 Jun 2022 — In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. En la familia de productos CECC-X-M1 de Festo en varias versiones, la petición POST del endpoint http "cecc-x-web-viewer-request-off" no comprueba la sintaxis del puerto. Esto puede resultar en una ejecución no autoriza... • https://cert.vde.com/en/advisories/VDE-2022-020 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 0CVE-2022-30308 – FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
https://notcve.org/view.php?id=CVE-2022-30308
13 Jun 2022 — In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. En la familia de productos CECC-X-M1 de Festo en varias versiones, la petición POST del endpoint http "cecc-x-web-viewer-request-on" no comprueba la sintaxis del puerto. Esto puede resultar en la ejecución no autorizada ... • https://cert.vde.com/en/advisories/VDE-2022-020 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-863: Incorrect Authorization •