CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CVE-2022-27642 (GCVE-0-2022-27642)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 17:49
VLAI
Summary
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.
Severity
6.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-518/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T17:49:46.824954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T17:49:51.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "R6700v3",
"vendor": "NETGEAR",
"versions": [
{
"status": "affected",
"version": "1.0.4.120_10.0.91"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bugscale team"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-518/"
},
{
"url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-27642",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-03-22T00:00:00.000Z",
"dateUpdated": "2025-02-18T17:49:51.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27668 (GCVE-0-2022-27668)
Vulnerability from cvelistv5 – Published: 2022-06-14 16:57 – Updated: 2024-08-03 05:33
VLAI
Summary
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
Severity
No CVSS data available.
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-16… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3158375 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2022/Sep/17 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/168406/SAP-S… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP NetWeaver and ABAP Platform |
Affected:
KERNEL 7.49
Affected: 7.77 Affected: 7.81 Affected: 7.85 Affected: 7.86 Affected: 7.87 Affected: 7.88 Affected: KRNL64NUC 7.49 Affected: KRNL64UC 7.49 Affected: SAP_ROUTER 7.53 Affected: 7.22 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:33:00.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3158375"
},
{
"name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Sep/17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "KERNEL 7.49"
},
{
"status": "affected",
"version": "7.77"
},
{
"status": "affected",
"version": "7.81"
},
{
"status": "affected",
"version": "7.85"
},
{
"status": "affected",
"version": "7.86"
},
{
"status": "affected",
"version": "7.87"
},
{
"status": "affected",
"version": "7.88"
},
{
"status": "affected",
"version": "KRNL64NUC 7.49"
},
{
"status": "affected",
"version": "KRNL64UC 7.49"
},
{
"status": "affected",
"version": "SAP_ROUTER 7.53"
},
{
"status": "affected",
"version": "7.22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T15:06:17.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3158375"
},
{
"name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Sep/17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-27668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver and ABAP Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "KERNEL 7.49"
},
{
"version_affected": "=",
"version_value": "7.77"
},
{
"version_affected": "=",
"version_value": "7.81"
},
{
"version_affected": "=",
"version_value": "7.85"
},
{
"version_affected": "=",
"version_value": "7.86"
},
{
"version_affected": "=",
"version_value": "7.87"
},
{
"version_affected": "=",
"version_value": "7.88"
},
{
"version_affected": "=",
"version_value": "KRNL64NUC 7.49"
},
{
"version_affected": "=",
"version_value": "KRNL64UC 7.49"
},
{
"version_affected": "=",
"version_value": "SAP_ROUTER 7.53"
},
{
"version_affected": "=",
"version_value": "7.22"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3158375",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3158375"
},
{
"name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Sep/17"
},
{
"name": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2022-27668",
"datePublished": "2022-06-14T16:57:29.000Z",
"dateReserved": "2022-03-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:33:00.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28774 (GCVE-0-2022-28774)
Vulnerability from cvelistv5 – Published: 2022-05-11 14:55 – Updated: 2024-08-03 06:03
VLAI
Summary
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.
Severity
No CVSS data available.
CWE
- CWE-863 - CWE-532, CWE-522
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-16… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3158188 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Host Agent |
Affected:
7.22
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3158188"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Host Agent",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863, CWE-532, CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T14:55:29.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3158188"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-28774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Host Agent",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.22"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863, CWE-532, CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3158188",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3158188"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2022-28774",
"datePublished": "2022-05-11T14:55:29.000Z",
"dateReserved": "2022-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:03:52.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29619 (GCVE-0-2022-29619)
Vulnerability from cvelistv5 – Published: 2022-07-12 20:26 – Updated: 2024-08-03 06:26
VLAI
Summary
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-16… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3169239 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP BusinessObjects Business Intelligence Platform |
Affected:
420
Affected: 430 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3169239"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP BusinessObjects Business Intelligence Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "420"
},
{
"status": "affected",
"version": "430"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn\u0027t own and which would otherwise be restricted."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T20:26:44.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3169239"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-29619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP BusinessObjects Business Intelligence Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "420"
},
{
"version_affected": "=",
"version_value": "430"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn\u0027t own and which would otherwise be restricted."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3169239",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3169239"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2022-29619",
"datePublished": "2022-07-12T20:26:44.000Z",
"dateReserved": "2022-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:26:06.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3024 (GCVE-0-2022-3024)
Vulnerability from cvelistv5 – Published: 2022-09-26 00:00 – Updated: 2025-05-22 14:26
VLAI
Title
Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS
Summary
The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues
Severity
5.4 (Medium)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Bitcoin Satoshi Tools : Faucets, Visitor Rewarder, Satoshi Games, Referral Program |
Affected:
1.7.0 , ≤ 1.7.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7f43cb8e-0c1b-4528-8c5c-b81ab42778dc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3024",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T14:25:56.159800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T14:26:26.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Bitcoin Satoshi Tools : Faucets, Visitor Rewarder, Satoshi Games, Referral Program",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.7.0",
"status": "affected",
"version": "1.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-07T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/7f43cb8e-0c1b-4528-8c5c-b81ab42778dc"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Simple Bitcoin Faucets \u003c= 1.7.0 - Unauthorised AJAX Call to Stored XSS",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3024",
"datePublished": "2022-09-26T00:00:00.000Z",
"dateReserved": "2022-08-29T00:00:00.000Z",
"dateUpdated": "2025-05-22T14:26:26.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30308 (GCVE-0-2022-30308)
Vulnerability from cvelistv5 – Published: 2022-06-13 13:45 – Updated: 2024-09-16 22:40
VLAI
Title
FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
Summary
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
Severity
9.8 (Critical)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2022-020/ | x_refsource_CONFIRM |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Festo | Controller CECC-X-M1 (4407603) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1 (8124922) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-MV (4407605) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-MV (8124923) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-MV-S1 (4407606) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-MV-S1 (8124924) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-YS-L1 (8082793) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-YS-L2 (8082794) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-Y-YJKP (4803891) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Servo Press Kit YJKP (8077950) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Servo Press Kit YJKP- (8058596) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
Date Public
2022-06-07 22:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:35.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1 (4407603)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1 (8124922)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV (4407605)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV (8124923)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV-S1 (4407606)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV-S1 (8124924)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-YS-L1 (8082793)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-YS-L2 (8082794)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-Y-YJKP (4803891)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Servo Press Kit YJKP (8077950)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Servo Press Kit YJKP- (8058596)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Q. Kaiser, M. Illes from ONEKEY Research Labs for reported to Festo"
}
],
"datePublic": "2022-06-07T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \u0026quot;cecc-x-web-viewer-request-on\u0026quot; POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\u003c/p\u003e"
}
],
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-web-viewer-request-on\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-10T07:34:11.747Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
],
"source": {
"advisory": "VDE-2022-020",
"discovery": "EXTERNAL"
},
"title": "FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-08T08:00:00.000Z",
"ID": "CVE-2022-30308",
"STATE": "PUBLIC",
"TITLE": "FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Controller CECC-X-M1 (4407603)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1 (8124922)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV (4407605)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV (8124923)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV-S1 (4407606)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV-S1 (8124924)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-YS-L1 (8082793)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-YS-L2 (8082794)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-Y-YJKP (4803891)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Servo Press Kit YJKP (8077950)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Servo Press Kit YJKP- (8058596)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
}
]
},
"vendor_name": "Festo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Q. Kaiser, M. Illes from ONEKEY Research Labs for reported to Festo"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-web-viewer-request-on\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-020/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
]
},
"source": {
"advisory": "VDE-2022-020",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30308",
"datePublished": "2022-06-13T13:45:20.015Z",
"dateReserved": "2022-05-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:40:02.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30309 (GCVE-0-2022-30309)
Vulnerability from cvelistv5 – Published: 2022-06-13 13:45 – Updated: 2024-09-16 22:15
VLAI
Title
FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
Summary
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
Severity
9.8 (Critical)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2022-020/ | x_refsource_CONFIRM |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Festo | Controller CECC-X-M1 (4407603) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1 (8124922) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-MV (4407605) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-MV (8124923) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-MV-S1 (4407606) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-MV-S1 (8124924) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-YS-L1 (8082793) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-YS-L2 (8082794) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-Y-YJKP (4803891) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Servo Press Kit YJKP (8077950) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Servo Press Kit YJKP- (8058596) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
Date Public
2022-06-07 22:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:35.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1 (4407603)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1 (8124922)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV (4407605)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV (8124923)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV-S1 (4407606)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV-S1 (8124924)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-YS-L1 (8082793)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-YS-L2 (8082794)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-Y-YJKP (4803891)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Servo Press Kit YJKP (8077950)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Servo Press Kit YJKP- (8058596)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Q. Kaiser, M. Illes from ONEKEY Research Labs for reported to Festo"
}
],
"datePublic": "2022-06-07T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \u0026quot;cecc-x-web-viewer-request-off\u0026quot; POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\u003c/p\u003e"
}
],
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-web-viewer-request-off\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-10T07:35:06.910Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
],
"source": {
"advisory": "VDE-2022-020",
"discovery": "EXTERNAL"
},
"title": "FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-08T08:00:00.000Z",
"ID": "CVE-2022-30309",
"STATE": "PUBLIC",
"TITLE": "FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Controller CECC-X-M1 (4407603)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1 (8124922)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV (4407605)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV (8124923)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV-S1 (4407606)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV-S1 (8124924)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-YS-L1 (8082793)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-YS-L2 (8082794)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-Y-YJKP (4803891)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Servo Press Kit YJKP (8077950)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Servo Press Kit YJKP- (8058596)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
}
]
},
"vendor_name": "Festo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Q. Kaiser, M. Illes from ONEKEY Research Labs for reported to Festo"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-web-viewer-request-off\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-020/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
]
},
"source": {
"advisory": "VDE-2022-020",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30309",
"datePublished": "2022-06-13T13:45:21.634Z",
"dateReserved": "2022-05-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:15:41.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30310 (GCVE-0-2022-30310)
Vulnerability from cvelistv5 – Published: 2022-06-13 13:45 – Updated: 2024-11-20 15:21
VLAI
Title
FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
Summary
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
Severity
9.8 (Critical)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2022-020/ | x_refsource_CONFIRM |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Festo | Controller CECC-X-M1 (4407603) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1 (8124922) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-MV (4407605) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-MV (8124923) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-MV-S1 (4407606) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-MV-S1 (8124924) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-YS-L1 (8082793) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-YS-L2 (8082794) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-Y-YJKP (4803891) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Servo Press Kit YJKP (8077950) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Servo Press Kit YJKP- (8058596) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
Date Public
2022-06-07 22:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:35.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-16T16:41:19.148257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T15:21:04.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1 (4407603)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1 (8124922)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV (4407605)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV (8124923)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV-S1 (4407606)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV-S1 (8124924)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-YS-L1 (8082793)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-YS-L2 (8082794)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-Y-YJKP (4803891)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Servo Press Kit YJKP (8077950)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Servo Press Kit YJKP- (8058596)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Q. Kaiser, M. Illes from ONEKEY Research Labs for reported to Festo"
}
],
"datePublic": "2022-06-07T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \u0026quot;cecc-x-acknerr-request\u0026quot; POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\u003c/p\u003e"
}
],
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-acknerr-request\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-10T07:35:23.988Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
],
"source": {
"advisory": "VDE-2022-020",
"discovery": "EXTERNAL"
},
"title": "FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-08T08:00:00.000Z",
"ID": "CVE-2022-30310",
"STATE": "PUBLIC",
"TITLE": "FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Controller CECC-X-M1 (4407603)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1 (8124922)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV (4407605)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV (8124923)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV-S1 (4407606)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV-S1 (8124924)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-YS-L1 (8082793)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-YS-L2 (8082794)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-Y-YJKP (4803891)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Servo Press Kit YJKP (8077950)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Servo Press Kit YJKP- (8058596)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
}
]
},
"vendor_name": "Festo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Q. Kaiser, M. Illes from ONEKEY Research Labs for reported to Festo"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-acknerr-request\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-020/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
]
},
"source": {
"advisory": "VDE-2022-020",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30310",
"datePublished": "2022-06-13T13:45:23.105Z",
"dateReserved": "2022-05-06T00:00:00.000Z",
"dateUpdated": "2024-11-20T15:21:04.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30311 (GCVE-0-2022-30311)
Vulnerability from cvelistv5 – Published: 2022-06-13 13:45 – Updated: 2024-09-16 23:41
VLAI
Title
FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
Summary
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.
Severity
9.8 (Critical)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2022-020/ | x_refsource_CONFIRM |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Festo | Controller CECC-X-M1 (4407603) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1 (8124922) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-MV (4407605) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-MV (8124923) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-MV-S1 (4407606) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-MV-S1 (8124924) |
Affected:
4.0.14
|
|
| Festo | Controller CECC-X-M1-YS-L1 (8082793) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-YS-L2 (8082794) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Controller CECC-X-M1-Y-YJKP (4803891) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Servo Press Kit YJKP (8077950) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
|
| Festo | Servo Press Kit YJKP- (8058596) |
Affected:
3.0.0 , ≤ 3.8.14
(custom)
|
Date Public
2022-06-07 22:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:35.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1 (4407603)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1 (8124922)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV (4407605)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV (8124923)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV-S1 (4407606)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-MV-S1 (8124924)",
"vendor": "Festo",
"versions": [
{
"status": "affected",
"version": "4.0.14"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-YS-L1 (8082793)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-YS-L2 (8082794)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Controller CECC-X-M1-Y-YJKP (4803891)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Servo Press Kit YJKP (8077950)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Servo Press Kit YJKP- (8058596)",
"vendor": "Festo",
"versions": [
{
"lessThanOrEqual": "3.8.14",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Q. Kaiser, M. Illes from ONEKEY Research Labs for reported to Festo"
}
],
"datePublic": "2022-06-07T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \u0026quot;cecc-x-refresh-request\u0026quot; POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\u003c/p\u003e"
}
],
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-refresh-request\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-10T07:36:02.588Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
],
"source": {
"advisory": "VDE-2022-020",
"discovery": "EXTERNAL"
},
"title": "FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-06-08T08:00:00.000Z",
"ID": "CVE-2022-30311",
"STATE": "PUBLIC",
"TITLE": "FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Controller CECC-X-M1 (4407603)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1 (8124922)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV (4407605)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV (8124923)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV-S1 (4407606)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-MV-S1 (8124924)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "4.0.14",
"version_value": "4.0.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-YS-L1 (8082793)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-YS-L2 (8082794)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Controller CECC-X-M1-Y-YJKP (4803891)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Servo Press Kit YJKP (8077950)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
},
{
"product_name": "Servo Press Kit YJKP- (8058596)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.0.0",
"version_value": "3.8.14"
}
]
}
}
]
},
"vendor_name": "Festo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Q. Kaiser, M. Illes from ONEKEY Research Labs for reported to Festo"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-refresh-request\" POST request doesn\u2019t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-020/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-020/"
}
]
},
"source": {
"advisory": "VDE-2022-020",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-30311",
"datePublished": "2022-06-13T13:45:24.763Z",
"dateReserved": "2022-05-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:41:46.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31107 (GCVE-0-2022-31107)
Vulnerability from cvelistv5 – Published: 2022-07-15 12:30 – Updated: 2026-01-28 04:55
VLAI
Title
Grafana account takeover via OAuth vulnerability
Summary
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user's external user id is not already associated with an account in Grafana, the malicious user's email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user's Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address.
Severity
7.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://grafana.com/docs/grafana/next/release-not… | x_refsource_MISC |
| https://github.com/grafana/grafana/security/advis… | x_refsource_CONFIRM |
| https://grafana.com/docs/grafana/next/release-not… | x_refsource_MISC |
| https://grafana.com/docs/grafana/next/release-not… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2022090… | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:38.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0010/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T04:55:31.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grafana",
"vendor": "grafana",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.3, \u003c 8.3.10"
},
{
"status": "affected",
"version": "\u003e= 8.4.0, \u003c 8.4.10"
},
{
"status": "affected",
"version": "\u003e= 8.5.0, \u003c 8.5.9"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user\u0027s external user id is not already associated with an account in Grafana, the malicious user\u0027s email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user\u0027s Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-01T13:06:35.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220901-0010/"
}
],
"source": {
"advisory": "GHSA-mx47-6497-3fv2",
"discovery": "UNKNOWN"
},
"title": "Grafana account takeover via OAuth vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31107",
"STATE": "PUBLIC",
"TITLE": "Grafana account takeover via OAuth vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grafana",
"version": {
"version_data": [
{
"version_value": "\u003e= 5.3, \u003c 8.3.10"
},
{
"version_value": "\u003e= 8.4.0, \u003c 8.4.10"
},
{
"version_value": "\u003e= 8.5.0, \u003c 8.5.9"
},
{
"version_value": "\u003e= 9.0.0, \u003c 9.0.3"
}
]
}
}
]
},
"vendor_name": "grafana"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of another user in that Grafana instance. This can occur when the malicious user is authorized to log in to Grafana via OAuth, the malicious user\u0027s external user id is not already associated with an account in Grafana, the malicious user\u0027s email address is not already associated with an account in Grafana, and the malicious user knows the Grafana username of the target user. If these conditions are met, the malicious user can set their username in the OAuth provider to that of the target user, then go through the OAuth flow to log in to Grafana. Due to the way that external and internal user accounts are linked together during login, if the conditions above are all met then the malicious user will be able to log in to the target user\u0027s Grafana account. Versions 9.0.3, 8.5.9, 8.4.10, and 8.3.10 contain a patch for this issue. As a workaround, concerned users can disable OAuth login to their Grafana instance, or ensure that all users authorized to log in via OAuth have a corresponding user account in Grafana linked to their email address."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/",
"refsource": "MISC",
"url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-4-10/"
},
{
"name": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2",
"refsource": "CONFIRM",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2"
},
{
"name": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/",
"refsource": "MISC",
"url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-8-5-9/"
},
{
"name": "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/",
"refsource": "MISC",
"url": "https://grafana.com/docs/grafana/next/release-notes/release-notes-9-0-3/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220901-0010/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220901-0010/"
}
]
},
"source": {
"advisory": "GHSA-mx47-6497-3fv2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31107",
"datePublished": "2022-07-15T12:30:14.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2026-01-28T04:55:31.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation ID: MIT-4.4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Phase: Architecture and Design
Description:
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Phases: System Configuration, Installation
Description:
- Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.