In multiple versions of the Festo Controller CECC-X-M1 product family, the handler for POST requests to the HTTP endpoint "cecc-x-refresh-request" does not check the syntax of the port value. This can result in unauthorized execution of system commands with root privileges, through command injection combined with improper access control.
Vulnerable Product |
---|
festo controller cecc-x-m1 firmware |
festo controller cecc-x-m1 firmware 4.0.14 |
festo controller cecc-x-m1-mv firmware |
festo controller cecc-x-m1-mv firmware 4.0.14 |
festo controller cecc-x-m1-mv-s1 firmware |
festo controller cecc-x-m1-mv-s1 firmware 4.0.14 |
festo controller cecc-x-m1-ys-l1 firmware |
festo controller cecc-x-m1-ys-l2 firmware |
festo controller cecc-x-m1-y-yjkp firmware |
festo servo press kit yjkp firmware |
festo servo press kit yjkp- firmware |