CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2024/01/04 12:0 a.m.•20 views

FESTO Hardware Controller, Hardware Servo Press Kit Improper Neutralization of Special Elements Used in an OS Command (CVE-2022-30310)

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint cecc-x-acknerr-request POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. This plugin...

10CVSS7.4AI score0.01638EPSS

Tenable Nessus•added 2024/01/04 12:0 a.m.•15 views

FESTO Hardware Controller, Hardware Servo Press Kit Improper Neutralization of Special Elements Used in an OS Command (CVE-2022-30311)

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint cecc-x-refresh-request POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. This plugin...

10CVSS7.4AI score0.00978EPSS

Tenable Nessus•added 2024/01/04 12:0 a.m.•21 views

FESTO Hardware Controller, Hardware Servo Press Kit Improper Neutralization of Special Elements Used in an OS Command (CVE-2022-30308)

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint cecc-x-web-viewer-request-on POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. This...

10CVSS7.4AI score0.00949EPSS

Tenable Nessus•added 2024/01/04 12:0 a.m.•14 views

FESTO Hardware Controller, Hardware Servo Press Kit Improper Neutralization of Special Elements Used in an OS Command (CVE-2022-30309)

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint cecc-x-web-viewer-request-off POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. This...

10CVSS7.4AI score0.00978EPSS

NVD•added 2022/06/13 2:15 p.m.•8 views

CVE-2022-30309

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...

10CVSS0.00978EPSS

NVD•added 2022/06/13 2:15 p.m.•6 views

CVE-2022-30311

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...

10CVSS0.00978EPSS

OSV•added 2022/06/13 2:15 p.m.•2 views

CVE-2022-30311

9.8CVSS6AI score0.00978EPSS

OSV•added 2022/06/13 2:15 p.m.•2 views

CVE-2022-30308

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...

9.8CVSS6AI score0.00949EPSS

NVD•added 2022/06/13 2:15 p.m.•9 views

CVE-2022-30310

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...

10CVSS0.01638EPSS

Prion•added 2022/06/13 2:15 p.m.•16 views

Command injection

10CVSS9.4AI score0.00978EPSS

Prion•added 2022/06/13 2:15 p.m.•12 views

Command injection

10CVSS9.4AI score0.00949EPSS

Prion•added 2022/06/13 2:15 p.m.•14 views

Command injection

10CVSS9.4AI score0.00978EPSS

Prion•added 2022/06/13 2:15 p.m.•10 views

Command injection

10CVSS9.4AI score0.01638EPSS

CVE•added 2022/06/13 1:45 p.m.•69 views

CVE-2022-30311

The CVE-2022-30311 vulnerability affects Festo Controller CECC-X-M1 family where the http endpoint cecc-x-refresh-request (and related endpoints) does not validate port syntax in POST requests, enabling unauthorized command execution with root privileges due to improper access control command inj...

10CVSS9.8AI score0.00978EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/06/13 1:45 p.m.•12 views

CVE-2022-30311 FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability

9.8CVSS9.7AI score0.00978EPSS

Vulnrichment•added 2022/06/13 1:45 p.m.•11 views

CVE-2022-30310 FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability

9.8CVSS7.6AI score0.01638EPSS

CVE•added 2022/06/13 1:45 p.m.•75 views

CVE-2022-30310

CVE-2022-30310 affects the Festo CECC-X-M1 family. The http-endpoint cecc-x-acknerr-request does not validate port syntax, enabling unauthorized execution of system commands with root privileges via improper access control command injection. Impact is described as remote code execution with root ...

10CVSS9.8AI score0.01638EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/06/13 1:45 p.m.•11 views

CVE-2022-30310 FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability

9.8CVSS9.7AI score0.01638EPSS

Cvelist•added 2022/06/13 1:45 p.m.•11 views

CVE-2022-30309 FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability

9.8CVSS9.7AI score0.00978EPSS