Headline
CVE-2022-30308: VDE-2022-020 | CERT@VDE
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint “cecc-x-web-viewer-request-on” POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
2022-06-08 10:00 (CEST) VDE-2022-020
FESTO: CECC-X-M1 - command injection vulnerabilities
Share: Email | Twitter
**
Published
**
2022-06-08 10:00 (CEST)
**
Last update
**
2022-06-08 16:27 (CEST)
Vendor(s)
Festo SE & Co. KG
Product(s)
Article No°
Product Name
Affected Version(s)
4407603
Controller CECC-X-M1
<= 3.8.14
8124922
Controller CECC-X-M1
= 4.0.14
4407605
Controller CECC-X-M1-MV
<= 3.8.14
8124923
Controller CECC-X-M1-MV
= 4.0.14
4407606
Controller CECC-X-M1-MV-S1
<= 3.8.14
8124924
Controller CECC-X-M1-MV-S1
= 4.0.14
8082793
Controller CECC-X-M1-YS-L1
<= 3.8.14
8082794
Controller CECC-X-M1-YS-L2
<= 3.8.14
4803891
Controller CECC-X-M1-Y-YJKP
<= 3.8.14
8077950
Servo Press Kit YJKP
<= 3.8.14
8058596
Servo Press Kit YJKP-
<= 3.8.14
**
Summary
**
The Festo controller CECC-X-M1 product family in multiple versions are affected by a preauthentication command injection vulnerability.
**
Vulnerabilities
**
Summary
In Festo Controller CECC-X-M1 product family, the http-endpoint “cecc-x-web-viewer-request-on” POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to …
Summary
In Festo Controller CECC-X-M1 product family, the http-endpoint “cecc-x-web-viewer-request-off” POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to …
Summary
In Festo Controller CECC-X-M1 product family, the http-endpoint “cecc-x-acknerr-request” POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to …
Summary
In Festo Controller CECC-X-M1 product family, the http-endpoint “cecc-x-refresh-request” POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to …
**
Impact
**
Any person who is able to gain access to the webserver would be able to run arbitrary system commands on the device with root privileges.
**
Solution
**
General recommendation
Currently, Festo has not identified any specific workarounds for this vulnerability. As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits:
- Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside
- Use firewalls to protect and separate the control system network from other networks
- Use VPN (Virtual Private Networks) tunnels if remote access is required
- Activate and apply user management and password features
- Use encrypted communication links
- Limit the access to both development and control system by physical means, operating system features, etc.
- Protect both development and control system by using up to date virus detecting solutions
Festo strongly recommends to minimize and protect network access to connected devices with state of the art techniques and processes. For a secure operation follow the recommendations in the product manuals.
Remediation
This issue will be fixed with next firmware release. The release is expected for end of June 2022.
**
Reported by
**
Festo SE & Co. KG thanks the following parties for their efforts:
- CERT@VDE for coordination and support with this publication
- Q. Kaiser, M. Illes from ONEKEY Research Labs for reporting to Festo