Unrated severityNVD Advisory· Published Jun 13, 2022· Updated Nov 20, 2024
FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
CVE-2022-30310
Description
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- Range: 3.0.0
- Range: 4.0.14
4.0.14+ 1 more
- (no CPE)range: 4.0.14
- (no CPE)range: 3.0.0
- Range: 3.0.0
- Festo/Controller CECC-X-M1-Y-YJKP (4803891)v5Range: 3.0.0
Patches
Vulnerability mechanics
References
1- cert.vde.com/en/advisories/VDE-2022-020/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.