Improper Access Control Command Injection in Festo Controller CECC-X-M1

Improper Access Control Command Injection in Festo Controller CECC-X-M1

CVE-2022-30309 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.

Learn more about our Web App Pen Testing.