In Festo Controller CECC-X-M1 product family in multiple...
Critical severity
Unreviewed
Published Jun 14, 2022 to the GitHub Advisory Database. Updated Sep 17, 2024.
Description
Published by the National Vulnerability Database: Jun 13, 2022
In multiple versions of the Festo Controller CECC-X-M1 product family, the HTTP endpoint "cecc-x-refresh-request" does not check the port syntax in POST requests. This can result in unauthorized execution of system commands with root privileges through command injection, due to improper access control.
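The missing check described above, sketched as an added example (not Festo's code and not part of the advisory): a strict port parser combined with shell-free argument building. The function names and the helper path are hypothetical, since the advisory does not show how the firmware uses the port value.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper path: the advisory does not name the real command. */
#define REFRESH_HELPER "/usr/bin/refresh-helper"

/* Accept only 1-5 ASCII digits, no leading zero, value 1..65535.
 * Returns the port, or -1 on any violation. */
int parse_port(const char *s)
{
    if (s == NULL)
        return -1;
    size_t len = strlen(s);
    if (len == 0 || len > 5 || (len > 1 && s[0] == '0'))
        return -1;
    long value = 0;
    for (size_t i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '9')
            return -1; /* rejects ';', '|', '$', whitespace, signs */
        value = value * 10 + (s[i] - '0');
    }
    return (value >= 1 && value <= 65535) ? (int)value : -1;
}

/* Build an execv()-style argument vector so no shell ever parses the
 * request field. portbuf receives the re-serialised, canonical port. */
int build_refresh_argv(const char *field, char portbuf[12], const char *argv[3])
{
    int port = parse_port(field);
    if (port < 0)
        return -1; /* caller should answer with an HTTP 400 */
    snprintf(portbuf, 12, "%d", port);
    argv[0] = REFRESH_HELPER;
    argv[1] = portbuf;
    argv[2] = NULL;
    return 0;
}

int main(void)
{
    const char *samples[] = { "8080", "65536", "80;id" }; /* constructed */
    for (size_t i = 0; i < 3; i++)
        printf("%-8s -> %d\n", samples[i], parse_port(samples[i]));
    return 0;
}
```

Re-serialising the parsed integer, rather than forwarding the original string, means the value that reaches the helper is always canonical digits.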