18 matches found
CISA Releases 18 Industrial Control Systems Advisories
CISA released 18 Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-317-01 Mitsubishi Electric MELSEC iQ-F Series ICSA-25-317-02 AVEVA Application Server IDE ICSA-25-317-03...
EUVD-2022-52261
Malicious code in bioql PyPI...
EUVD-2022-52259
Malicious code in bioql PyPI...
EUVD-2022-52705
Malicious code in bioql PyPI...
EUVD-2022-52260
Malicious code in bioql PyPI...
FESTO Hardware Controller, Hardware Servo Press Kit Improper Neutralization of Special Elements Used in an OS Command (CVE-2022-30311)
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint cecc-x-refresh-request POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. This plugin...
FESTO Hardware Controller, Hardware Servo Press Kit Improper Neutralization of Special Elements Used in an OS Command (CVE-2022-30308)
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint cecc-x-web-viewer-request-on POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. This...
FESTO Hardware Controller, Hardware Servo Press Kit
SUMMARY The Festo controller CECC-X-M1 product family in multiple versions are affected by a preauthentication command injection vulnerability. Update A, 2022-07-05 Remediation has been updated. Fixed firmwares are now available. 2. IMPACT Any person who is able to gain access to the webserver...
CVE-2022-30309
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...
CVE-2022-30308
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...
CVE-2022-30311
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...
Command injection
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...
CVE-2022-30310 FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...
Festo Controller CECC-X-M1 Operating System Command Injection Vulnerability
The Festo Controller CECC-X-M1 is a series of controller devices from Festo, Germany. An operating system command injection vulnerability exists in the Festo Controller CECC-X-M1. An attacker could use this vulnerability to execute system commands with root privileges...
PT-2022-20062 · Festo · Festo Controller Cecc-X-M1
Name of the Vulnerable Software and Affected Versions: Festo Controller CECC-X-M1 product family (affected versions not specified). Description: The issue is related to the http-endpoint "cecc-x-refresh-request" POST request, which does not check for port syntax. This can result in unauthorized...
Festo Controller CECC-X-M1 Operating System Command Injection Vulnerability
The Festo Controller CECC-X-M1 is a series of controller devices from Festo, Germany. An operating system command injection vulnerability exists in the Festo Controller CECC-X-M1. An attacker could use this vulnerability to execute system commands with root privileges...
CVE-2022-30308
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...
Festo SBRD-Q/SBOC-Q/SBOI-Q
SUMMARY The affected product families are cameras SBOC/SBOI and the Controller SBRD. The vulnerabilities are located within the Ethernet IP Stack from EIPStackGroup OpENer Ethernet/IP. 2. IMPACT Please consult the CVEs listed above and ICSA-21-105-02. 3. MITIGATION - Minimize network exposure...