3 matches found
CVE-2022-30309
creationtimestamp| type| source ---|---|--- 2022-06-13 18:17:56+00:00| seen| https://t.me/cibsecurity/44295 2022-07-11 12:37:51+00:00| seen| https://t.me/CyberSecurityTechnologies/6376 2025-07-01 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-04...
CVE-2022-30309
CVE-2022-30309 affects Festo Controller CECC-X-M1 family. The http-endpoint cecc-x-web-viewer-request-off (POST) does not validate port syntax, enabling unauthorized execution of system commands with root privileges due to improper access control command injection. Public discussions and advisori...
CVE-2022-30309 FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...