3 matches found
FESTO Hardware Controller, Hardware Servo Press Kit Improper Neutralization of Special Elements Used in an OS Command (CVE-2022-30308)
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint cecc-x-web-viewer-request-on POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. This...
CVE-2022-30308
creationtimestamp| type| source ---|---|--- 2022-06-13 18:18:06+00:00| seen| https://t.me/cibsecurity/44301 2022-07-11 12:37:51+00:00| seen| https://t.me/CyberSecurityTechnologies/6376 2022-07-11 22:17:54+00:00| published-proof-of-concept| https://t.me/MrVGunz/325 2025-07-01 10:00:00+00:00| seen|...
CVE-2022-30308
CVE-2022-30308 affects the Festo Controller CECC-X-M1 family. The http-endpoint cecc-x-web-viewer-request-on (and related endpoints) does not validate port syntax in POST requests, enabling unauthorized execution of system commands with root privileges due to improper access control command injec...