In multiple versions of the Festo Controller CECC-X-M1 product family, the POST request to the HTTP endpoint "cecc-x-web-viewer-request-on" does not check the port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control and command injection.
Vulnerable Product |
---|
festo controller_cecc-x-m1_firmware |
festo controller_cecc-x-m1_firmware 4.0.14 |
festo controller_cecc-x-m1-mv_firmware |
festo controller_cecc-x-m1-mv_firmware 4.0.14 |
festo controller_cecc-x-m1-mv-s1_firmware |
festo controller_cecc-x-m1-mv-s1_firmware 4.0.14 |
festo controller_cecc-x-m1-ys-l1_firmware |
festo controller_cecc-x-m1-ys-l2_firmware |
festo controller_cecc-x-m1-y-yjkp_firmware |
festo servo_press_kit_yjkp_firmware |
festo servo_press_kit_yjkp-_firmware |