Skip to main content

Controller Cecc X M1 Ys L2 Firmware

5 CVEs product

Monthly

CVE-2022-3270 CRITICAL Act Now

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bus Module Cpx E Ep Firmware Bus Node Cpx Fb32 Firmware Bus Node Cpx Fb33 Firmware Bus Node Cpx Fb36 Firmware +95
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30311 CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Ys L1 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-30310 CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Ys L1 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-30309 CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Ys L1 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-30308 CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Ys L1 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
2.7%
EPSS 1% CVSS 9.8
CRITICAL Act Now

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bus Module Cpx E Ep Firmware Bus Node Cpx Fb32 Firmware +97
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware +5
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware +5
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware +5
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware +5
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy