CVE-2022-30310 (GCVE-0-2022-30310)
Vulnerability from cvelistv5 – Published: 2022-06-13 13:45 – Updated: 2024-11-20 15:21
VLAI
Title
FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
Summary
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
Severity
9.8 (Critical)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2022-020/ | x_refsource_CONFIRM |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Festo | Controller CECC-X-M1 (4407603) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1 (8124922) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-MV (4407605) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-MV (8124923) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-MV-S1 (4407606) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-MV-S1 (8124924) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-YS-L1 (8082793) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-YS-L2 (8082794) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-Y-YJKP (4803891) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Servo Press Kit YJKP (8077950) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Servo Press Kit YJKP- (8058596) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
Date Public
2022-06-07 22:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:35.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-16T16:41:19.148257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T15:21:04.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1 (4407603)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1 (8124922)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV (4407605)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV (8124923)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV-S1 (4407606)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV-S1 (8124924)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-YS-L1 (8082793)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-YS-L2 (8082794)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-Y-YJKP (4803891)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Servo Press Kit YJKP (8077950)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Servo Press Kit YJKP- (8058596)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Q. Kaiser, M. Illes from ONEKEY Research Labs for reported to Festo"
}
],
"datePublic": "2022-06-07T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \u0026quot;cecc-x-acknerr-request\u0026quot; POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\u003c/p\u003e"
}
],
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-acknerr-request\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-10T07:35:23.988Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
],
"source": {
"advisory": "VDE-2022-020",
"discovery": "EXTERNAL"
},
"title": "FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-08T08:00:00.000Z",
"ID": "CVE-2022-30310",
"STATE": "PUBLIC",
"TITLE": "FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Controller CECC-X-M1 (4407603)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1 (8124922)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV (4407605)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV (8124923)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV-S1 (4407606)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV-S1 (8124924)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-YS-L1 (8082793)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-YS-L2 (8082794)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-Y-YJKP (4803891)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Servo Press Kit YJKP (8077950)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Servo Press Kit YJKP- (8058596)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
}
]
},
"vendor_name": "Festo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Q. Kaiser, M. Illes from ONEKEY Research Labs for reported to Festo"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-acknerr-request\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-020/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
]
},
"source": {
"advisory": "VDE-2022-020",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30310",
"datePublished": "2022-06-13T13:45:23.105Z",
"dateReserved": "2022-05-06T00:00:00.000Z",
"dateUpdated": "2024-11-20T15:21:04.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-30310",
"date": "2026-05-27",
"epss": "0.01638",
"percentile": "0.82185"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:festo:controller_cecc-x-m1_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.8.14\", \"matchCriteriaId\": \"F146DE3D-9970-4732-9ECC-7562902BD228\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:festo:controller_cecc-x-m1_firmware:4.0.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2DB1CA3-3E7A-4643-9654-CA5CB83FEF32\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:festo:controller_cecc-x-m1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65A6F168-897E-4300-9C87-B987EA538473\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:festo:controller_cecc-x-m1-mv_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.8.14\", \"matchCriteriaId\": \"C3E5C5DE-4CB0-4C9D-BCFD-BCC45BF46038\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:festo:controller_cecc-x-m1-mv_firmware:4.0.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD5E3B15-B678-4B06-B6CC-03A5216A21C7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:festo:controller_cecc-x-m1-mv:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE2D43FB-F307-4F7E-8DEF-F026ACE110CF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:festo:controller_cecc-x-m1-mv-s1_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.8.14\", \"matchCriteriaId\": \"EC667C12-0861-4B84-B728-0F200644FCE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:festo:controller_cecc-x-m1-mv-s1_firmware:4.0.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4121C15B-B880-468E-B9F0-7C8073AB3411\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:festo:controller_cecc-x-m1-mv-s1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AA08A0C-ADD6-4683-90E8-21D537E1E19B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:festo:controller_cecc-x-m1-ys-l1_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.8.14\", \"matchCriteriaId\": \"390BAAB8-93B3-40DE-B198-EA203A61DB39\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:festo:controller_cecc-x-m1-ys-l1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81C720A3-8847-487A-917C-E9863ABC8690\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:festo:controller_cecc-x-m1-ys-l2_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.8.14\", \"matchCriteriaId\": \"B0611087-C956-4F88-8238-AAE3F9AA12DC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:festo:controller_cecc-x-m1-ys-l2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C95A7B4C-C5BA-4C57-96A2-BB435ADE1ED8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:festo:controller_cecc-x-m1-y-yjkp_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.8.14\", \"matchCriteriaId\": \"ECC3B011-E51F-4E33-84AD-7D85899D20BA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:festo:controller_cecc-x-m1-y-yjkp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7F3C797-DE05-4FBC-A3BE-08548B746374\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:festo:servo_press_kit_yjkp_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.8.14\", \"matchCriteriaId\": \"8A787347-8CA6-4A3F-88FE-7086C0BDE2D3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:festo:servo_press_kit_yjkp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D75AC25-3E04-49B0-B727-060933EC006D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:festo:servo_press_kit_yjkp-_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.8.14\", \"matchCriteriaId\": \"54931207-EBF7-4E8D-B480-48FA17AE94B0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:festo:servo_press_kit_yjkp-:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A390CCD1-9EAD-4021-9816-D4508B72467F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \\\"cecc-x-acknerr-request\\\" POST request doesn\\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\"}, {\"lang\": \"es\", \"value\": \"En la familia de productos CECC-X-M1 de Festo en varias versiones, la petici\\u00f3n POST del endpoint http \\\"cecc-x-acknerr-request\\\" no comprueba la sintaxis del puerto. Esto puede resultar en una ejecuci\\u00f3n no autorizada de comandos del sistema con privilegios de root debido a una inyecci\\u00f3n de comandos de control de acceso inapropiados\"}]",
"id": "CVE-2022-30310",
"lastModified": "2024-11-21T07:02:33.033",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-06-13T14:15:09.227",
"references": "[{\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-020/\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-020/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}, {\"lang\": \"en\", \"value\": \"CWE-863\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}, {\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-30310\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2022-06-13T14:15:09.227\",\"lastModified\":\"2024-11-21T07:02:33.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \\\"cecc-x-acknerr-request\\\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\"},{\"lang\":\"es\",\"value\":\"En la familia de productos CECC-X-M1 de Festo en varias versiones, la petici\u00f3n POST del endpoint http \\\"cecc-x-acknerr-request\\\" no comprueba la sintaxis del puerto. Esto puede resultar en una ejecuci\u00f3n no autorizada de comandos del sistema con privilegios de root debido a una inyecci\u00f3n de comandos de control de acceso inapropiados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"},{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"},{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:festo:controller_cecc-x-m1_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.8.14\",\"matchCriteriaId\":\"F146DE3D-9970-4732-9ECC-7562902BD228\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:festo:controller_cecc-x-m1_firmware:4.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2DB1CA3-3E7A-4643-9654-CA5CB83FEF32\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:festo:controller_cecc-x-m1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65A6F168-897E-4300-9C87-B987EA538473\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:festo:controller_cecc-x-m1-mv_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.8.14\",\"matchCriteriaId\":\"C3E5C5DE-4CB0-4C9D-BCFD-BCC45BF46038\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:festo:controller_cecc-x-m1-mv_firmware:4.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD5E3B15-B678-4B06-B6CC-03A5216A21C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:festo:controller_cecc-x-m1-mv:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE2D43FB-F307-4F7E-8DEF-F026ACE110CF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:festo:controller_cecc-x-m1-mv-s1_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.8.14\",\"matchCriteriaId\":\"EC667C12-0861-4B84-B728-0F200644FCE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:festo:controller_cecc-x-m1-mv-s1_firmware:4.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4121C15B-B880-468E-B9F0-7C8073AB3411\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:festo:controller_cecc-x-m1-mv-s1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AA08A0C-ADD6-4683-90E8-21D537E1E19B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:festo:controller_cecc-x-m1-ys-l1_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.8.14\",\"matchCriteriaId\":\"390BAAB8-93B3-40DE-B198-EA203A61DB39\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:festo:controller_cecc-x-m1-ys-l1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81C720A3-8847-487A-917C-E9863ABC8690\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:festo:controller_cecc-x-m1-ys-l2_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.8.14\",\"matchCriteriaId\":\"B0611087-C956-4F88-8238-AAE3F9AA12DC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:festo:controller_cecc-x-m1-ys-l2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C95A7B4C-C5BA-4C57-96A2-BB435ADE1ED8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:festo:controller_cecc-x-m1-y-yjkp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.8.14\",\"matchCriteriaId\":\"ECC3B011-E51F-4E33-84AD-7D85899D20BA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:festo:controller_cecc-x-m1-y-yjkp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7F3C797-DE05-4FBC-A3BE-08548B746374\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:festo:servo_press_kit_yjkp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.8.14\",\"matchCriteriaId\":\"8A787347-8CA6-4A3F-88FE-7086C0BDE2D3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:festo:servo_press_kit_yjkp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D75AC25-3E04-49B0-B727-060933EC006D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:festo:servo_press_kit_yjkp-_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.8.14\",\"matchCriteriaId\":\"54931207-EBF7-4E8D-B480-48FA17AE94B0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:festo:servo_press_kit_yjkp-:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A390CCD1-9EAD-4021-9816-D4508B72467F\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en/advisories/VDE-2022-020/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2022-020/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-020/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T06:48:35.696Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-30310\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-16T16:41:19.148257Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-20T15:21:00.615Z\"}}], \"cna\": {\"title\": \"FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability\", \"source\": {\"advisory\": \"VDE-2022-020\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Q. Kaiser, M. Illes from ONEKEY Research Labs for reported to Festo\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Festo\", \"product\": \"Controller CECC-X-M1 (4407603)\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.8.14\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Festo\", \"product\": \"Controller CECC-X-M1 (8124922)\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0.14\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Festo\", \"product\": \"Controller CECC-X-M1-MV (4407605)\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.8.14\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Festo\", \"product\": \"Controller CECC-X-M1-MV (8124923)\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0.14\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Festo\", \"product\": \"Controller CECC-X-M1-MV-S1 (4407606)\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.8.14\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Festo\", \"product\": \"Controller CECC-X-M1-MV-S1 (8124924)\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0.14\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Festo\", \"product\": \"Controller CECC-X-M1-YS-L1 (8082793)\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.8.14\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Festo\", \"product\": \"Controller CECC-X-M1-YS-L2 (8082794)\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.8.14\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Festo\", \"product\": \"Controller CECC-X-M1-Y-YJKP (4803891)\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.8.14\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Festo\", \"product\": \"Servo Press Kit YJKP (8077950)\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.8.14\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Festo\", \"product\": \"Servo Press Kit YJKP- (8058596)\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.8.14\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2022-06-07T22:00:00.000Z\", \"references\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-020/\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \\\"cecc-x-acknerr-request\\\" POST request doesn\\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIn Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \u0026quot;cecc-x-acknerr-request\u0026quot; POST request doesn\\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863 Incorrect Authorization\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2023-08-10T07:35:23.988Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Q. Kaiser, M. Illes from ONEKEY Research Labs for reported to Festo\"}], \"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"advisory\": \"VDE-2022-020\", \"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_name\": \"3.0.0\", \"version_value\": \"3.8.14\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"Controller CECC-X-M1 (4407603)\"}, {\"version\": {\"version_data\": [{\"version_name\": \"4.0.14\", \"version_value\": \"4.0.14\", \"version_affected\": \"=\"}]}, \"product_name\": \"Controller CECC-X-M1 (8124922)\"}, {\"version\": {\"version_data\": [{\"version_name\": \"3.0.0\", \"version_value\": \"3.8.14\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"Controller CECC-X-M1-MV (4407605)\"}, {\"version\": {\"version_data\": [{\"version_name\": \"4.0.14\", \"version_value\": \"4.0.14\", \"version_affected\": \"=\"}]}, \"product_name\": \"Controller CECC-X-M1-MV (8124923)\"}, {\"version\": {\"version_data\": [{\"version_name\": \"3.0.0\", \"version_value\": \"3.8.14\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"Controller CECC-X-M1-MV-S1 (4407606)\"}, {\"version\": {\"version_data\": [{\"version_name\": \"4.0.14\", \"version_value\": \"4.0.14\", \"version_affected\": \"=\"}]}, \"product_name\": \"Controller CECC-X-M1-MV-S1 (8124924)\"}, {\"version\": {\"version_data\": [{\"version_name\": \"3.0.0\", \"version_value\": \"3.8.14\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"Controller CECC-X-M1-YS-L1 (8082793)\"}, {\"version\": {\"version_data\": [{\"version_name\": \"3.0.0\", \"version_value\": \"3.8.14\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"Controller CECC-X-M1-YS-L2 (8082794)\"}, {\"version\": {\"version_data\": [{\"version_name\": \"3.0.0\", \"version_value\": \"3.8.14\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"Controller CECC-X-M1-Y-YJKP (4803891)\"}, {\"version\": {\"version_data\": [{\"version_name\": \"3.0.0\", \"version_value\": \"3.8.14\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"Servo Press Kit YJKP (8077950)\"}, {\"version\": {\"version_data\": [{\"version_name\": \"3.0.0\", \"version_value\": \"3.8.14\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"Servo Press Kit YJKP- (8058596)\"}]}, \"vendor_name\": \"Festo\"}]}}, \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://cert.vde.com/en/advisories/VDE-2022-020/\", \"name\": \"https://cert.vde.com/en/advisories/VDE-2022-020/\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \\\"cecc-x-acknerr-request\\\" POST request doesn\\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-863 Incorrect Authorization\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-30310\", \"STATE\": \"PUBLIC\", \"TITLE\": \"FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability\", \"ASSIGNER\": \"info@cert.vde.com\", \"DATE_PUBLIC\": \"2022-06-08T08:00:00.000Z\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-30310\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-20T15:21:04.526Z\", \"dateReserved\": \"2022-05-06T00:00:00.000Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2022-06-13T13:45:23.105Z\", \"assignerShortName\": \"CERTVDE\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…