CVE-2022-30311

Published Jun 13, 2022

Last updated 2 months ago

CVSS critical 9.8

Overview

Description: In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
Source: info@cert.vde.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

info@cert.vde.com: CWE-78
nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:festo:controller_cecc-x-m1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F146DE3D-9970-4732-9ECC-7562902BD228",
            "versionEndIncluding": "3.8.14"
          },
          {
            "criteria": "cpe:2.3:o:festo:controller_cecc-x-m1_firmware:4.0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2DB1CA3-3E7A-4643-9654-CA5CB83FEF32"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:festo:controller_cecc-x-m1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "65A6F168-897E-4300-9C87-B987EA538473"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:festo:controller_cecc-x-m1-mv_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3E5C5DE-4CB0-4C9D-BCFD-BCC45BF46038",
            "versionEndIncluding": "3.8.14"
          },
          {
            "criteria": "cpe:2.3:o:festo:controller_cecc-x-m1-mv_firmware:4.0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD5E3B15-B678-4B06-B6CC-03A5216A21C7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:festo:controller_cecc-x-m1-mv:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DE2D43FB-F307-4F7E-8DEF-F026ACE110CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:festo:controller_cecc-x-m1-mv-s1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC667C12-0861-4B84-B728-0F200644FCE2",
            "versionEndIncluding": "3.8.14"
          },
          {
            "criteria": "cpe:2.3:o:festo:controller_cecc-x-m1-mv-s1_firmware:4.0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4121C15B-B880-468E-B9F0-7C8073AB3411"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:festo:controller_cecc-x-m1-mv-s1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6AA08A0C-ADD6-4683-90E8-21D537E1E19B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:festo:controller_cecc-x-m1-ys-l1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "390BAAB8-93B3-40DE-B198-EA203A61DB39",
            "versionEndIncluding": "3.8.14"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:festo:controller_cecc-x-m1-ys-l1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "81C720A3-8847-487A-917C-E9863ABC8690"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:festo:controller_cecc-x-m1-ys-l2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0611087-C956-4F88-8238-AAE3F9AA12DC",
            "versionEndIncluding": "3.8.14"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:festo:controller_cecc-x-m1-ys-l2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C95A7B4C-C5BA-4C57-96A2-BB435ADE1ED8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:festo:controller_cecc-x-m1-y-yjkp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECC3B011-E51F-4E33-84AD-7D85899D20BA",
            "versionEndIncluding": "3.8.14"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:festo:controller_cecc-x-m1-y-yjkp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C7F3C797-DE05-4FBC-A3BE-08548B746374"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:festo:servo_press_kit_yjkp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A787347-8CA6-4A3F-88FE-7086C0BDE2D3",
            "versionEndIncluding": "3.8.14"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:festo:servo_press_kit_yjkp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8D75AC25-3E04-49B0-B727-060933EC006D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:festo:servo_press_kit_yjkp-_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54931207-EBF7-4E8D-B480-48FA17AE94B0",
            "versionEndIncluding": "3.8.14"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:festo:servo_press_kit_yjkp-:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A390CCD1-9EAD-4021-9816-D4508B72467F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References