{"vulnerability": "cve-2022-3031", "sightings": [{"uuid": "7c7ee66f-7c58-474e-99cf-02298cc6c17c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30310", "type": "seen", "source": "https://t.me/cibsecurity/44292", "content": "\u203c CVE-2022-30310 \u203c\n\nIn Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-acknerr-request\" POST request doesn\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-13T18:17:54.000000Z"}, {"uuid": "ac37b1c7-ecc1-41f4-8899-9745d6cfada2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3031", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16156", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3031\n\ud83d\udd25 CVSS Score: 3.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account.\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-13T16:20:42.728Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/340395\n2. https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3031.json", "creation_timestamp": "2025-05-13T16:30:35.000000Z"}, {"uuid": "8174fbb9-8719-4ca1-aa7f-33ac0df1001e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30318", "type": "seen", "source": "https://t.me/cibsecurity/49132", "content": "\u203c CVE-2022-30318 \u203c\n\nHoneywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-31T20:43:07.000000Z"}, {"uuid": "31427082-1ec0-4516-97fa-3a8656c4a2f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30314", "type": "seen", "source": "https://t.me/cibsecurity/47221", "content": "\u203c CVE-2022-30314 \u203c\n\nHoneywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 serial interface for firmware management purposes. When booting, the Safety Manager exposes the Enea POLO bootloader via this interface. Access to the boot configuration is controlled by means of credentials hardcoded in the Safety Manager firmware. The credentials for the bootloader are hardcoded in the firmware. An attacker with access to the serial interface (either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway) can utilize these credentials to control the boot process and manipulate the unauthenticated firmware image (see FSCT-2022-0054).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T20:12:44.000000Z"}, {"uuid": "56023f11-dc54-4aec-ba6a-b806531467cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30313", "type": "seen", "source": "https://t.me/cibsecurity/47220", "content": "\u203c CVE-2022-30313 \u203c\n\nHoneywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are characterized as: Honeywell Experion TCP (51000/TCP), Safety Builder (51010/TCP). The potential impact is: Manipulate controller state, Manipulate controller configuration, Manipulate controller logic, Manipulate controller files, Manipulate IO. The Honeywell Experion PKS Distributed Control System (DCS) Safety Manager utilizes several proprietary protocols for a wide variety of functionality, including process data acquisition, controller steering and configuration management. These protocols include: Experion TCP (51000/TCP) and Safety Builder (51010/TCP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocols in question. An attacker capable of invoking the protocols' functionalities could achieve a wide range of adverse impacts, including (but not limited to), the following: for Experion TCP (51000/TCP): Issue IO manipulation commands, Issue file read/write commands; and for Safety Builder (51010/TCP): Issue controller start/stop commands, Issue logic download/upload commands, Issue file read commands, Issue system time change commands. A mitigating factor with regards to some, but not all, of the above functionality is that these require the Safety Manager physical keyswitch to be in the right position.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T20:12:43.000000Z"}, {"uuid": "e07f03b5-3942-45d2-a835-c4e159f9601d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30311", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/6376", "content": "#exploit\n1. CVE-2022-30308, CVE-2022-30309, CVE-2022-30310, CVE-2022-30311:\nFESTO: CECC-X-M1 - Command Injection Vulnerabilities\nhttps://onekey.com/blog/advisory-festo-cecc-x-m1-command-injection-vulnerabilities\n\n2. CVE-2022-26377:\nApache HTTPd AJP Request Smuggling\nhttp://noahblog.360.cn/apache-httpd-ajp-request-smuggling", "creation_timestamp": "2022-07-11T12:37:51.000000Z"}, {"uuid": "4b1cd5fc-b7e3-47e8-acee-ef93929225c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30310", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/6376", "content": "#exploit\n1. CVE-2022-30308, CVE-2022-30309, CVE-2022-30310, CVE-2022-30311:\nFESTO: CECC-X-M1 - Command Injection Vulnerabilities\nhttps://onekey.com/blog/advisory-festo-cecc-x-m1-command-injection-vulnerabilities\n\n2. CVE-2022-26377:\nApache HTTPd AJP Request Smuggling\nhttp://noahblog.360.cn/apache-httpd-ajp-request-smuggling", "creation_timestamp": "2022-07-11T12:37:51.000000Z"}, {"uuid": "527163df-c29b-4e2d-9af3-97a49c144888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30311", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-04", "content": "", "creation_timestamp": "2025-07-01T10:00:00.000000Z"}, {"uuid": "a7dda3e3-041f-4db9-ac7a-b814a7a4ce21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30310", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-04", "content": "", "creation_timestamp": "2025-07-01T10:00:00.000000Z"}, {"uuid": "9dc0aec9-4259-44b4-9edf-a39ae1bb1eb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3031", "type": "seen", "source": "https://t.me/cibsecurity/51612", "content": "\u203c CVE-2022-3031 \u203c\n\nAn issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-17T20:13:30.000000Z"}, {"uuid": "750081e4-aff8-4bef-8c2b-4806c1bb10b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30317", "type": "seen", "source": "https://t.me/cibsecurity/49135", "content": "\u203c CVE-2022-30317 \u203c\n\nHoneywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). The potential impact is: Firmware manipulation, Denial of service. The Honeywell Experion LX Distributed Control System (DCS) utilizes the Control Data Access (CDA) EpicMo protocol (55565/TCP) for device diagnostics and maintenance purposes. This protocol does not have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocol in question. An attacker capable of invoking the protocols' functionalities could issue firmware download commands potentially allowing for firmware manipulation and reboot devices causing denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-31T20:43:11.000000Z"}, {"uuid": "d9ccb742-e7ba-42b0-9cf7-4e0234992aa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-30311", "type": "seen", "source": "https://t.me/cibsecurity/44306", "content": "\u203c CVE-2022-30311 \u203c\n\nIn Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint \"cecc-x-refresh-request\" POST request doesn\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-13T18:18:12.000000Z"}]}