Summary
The Festo controller CECC-X-M1 product family is affected, in multiple firmware versions, by a pre-authentication command injection vulnerability.
Update A, 2022-07-05
Remediation has been updated. Fixed firmwares are now available.
Impact
Any person who is able to reach the web server can run arbitrary system commands on the device with root privileges.
Affected Product(s)
Model no. | Product name | Affected versions |
---|---|---|
8124922, 4407603 | Controller CECC-X-M1 | Firmware <=3.8.14, Firmware 4.0.14 |
4407605, 8124923 | Controller CECC-X-M1-MV | Firmware <=3.8.14, Firmware 4.0.14 |
8124924, 4407606 | Controller CECC-X-M1-MV-S1 | Firmware <=3.8.14, Firmware 4.0.14 |
4803891 | Controller CECC-X-M1-Y-YJKP | Firmware <=3.8.14 |
8082793 | Controller CECC-X-M1-YS-L1 | Firmware <=3.8.14 |
8082794 | Controller CECC-X-M1-YS-L2 | Firmware <=3.8.14 |
8077950 | Servo Press Kit YJKP | Firmware <=3.8.14 |
8058596 | Servo Press Kit YJKP- | Firmware <=3.8.14 |
Vulnerabilities
In the Festo Controller CECC-X-M1 product family in multiple versions, a POST request to the HTTP endpoint "cecc-x-web-viewer-request-on" does not validate the port syntax. This can result in unauthorized execution of system commands with root privileges (improper access control leading to command injection).
In the Festo Controller CECC-X-M1 product family in multiple versions, a POST request to the HTTP endpoint "cecc-x-web-viewer-request-off" does not validate the port syntax. This can result in unauthorized execution of system commands with root privileges (improper access control leading to command injection).
In the Festo Controller CECC-X-M1 product family in multiple versions, a POST request to the HTTP endpoint "cecc-x-acknerr-request" does not validate the port syntax. This can result in unauthorized execution of system commands with root privileges (improper access control leading to command injection).
In the Festo Controller CECC-X-M1 product family in multiple versions, a POST request to the HTTP endpoint "cecc-x-refresh-request" does not validate the port syntax. This can result in unauthorized execution of system commands with root privileges (improper access control leading to command injection).
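As an added example that is not part of this advisory or of Festo's own code: a pre-check, of the kind a reverse proxy or WAF in front of the controller could apply until the fixed firmware is installed, that enforces the strict port syntax the four endpoints fail to check. The parameter name `port`, the form-encoded POST body and the endpoints being served at the URL root are assumptions; the advisory names the endpoints but not the parameter.

```python
import re
from urllib.parse import unquote_plus

# The four POST endpoints named in the advisory.
AFFECTED_ENDPOINTS = {
    "cecc-x-web-viewer-request-on",
    "cecc-x-web-viewer-request-off",
    "cecc-x-acknerr-request",
    "cecc-x-refresh-request",
}

# Strict port syntax: one to five ASCII decimal digits and nothing else; the
# range check then rejects 0 and anything above 65535.
_PORT_RE = re.compile(r"[0-9]{1,5}")


def is_valid_port(value: str) -> bool:
    """True only if value is a plain decimal TCP port in 1..65535."""
    return bool(_PORT_RE.fullmatch(value)) and 1 <= int(value) <= 65535


def parse_form(body: str) -> dict:
    """Minimal x-www-form-urlencoded parser. It splits on '&' only, so a
    ';' inside a value reaches the validator instead of being treated as
    a pair separator (which older urllib.parse.parse_qs versions do)."""
    params = {}
    for pair in body.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params


def check_request(path: str, body: str, port_param: str = "port"):
    """Return (allowed, reason) for a POST headed to the controller.

    Endpoints not listed in the advisory pass through; an affected endpoint
    is forwarded only when every value of the (assumed) 'port' parameter
    passes the strict syntax check after URL decoding."""
    endpoint = path.split("?", 1)[0].strip("/").split("/")[-1]
    if endpoint not in AFFECTED_ENDPOINTS:
        return True, "endpoint not covered by the advisory"
    values = parse_form(body).get(port_param, [])
    if not values:
        return False, f"missing {port_param} parameter"
    for value in values:
        if not is_valid_port(value):
            return False, f"rejected {port_param} value {value!r}"
    return True, "port syntax ok"
```

Validation runs on the URL-decoded value, so percent-encoding a metacharacter does not get it past the check.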
Remediation
Please update to the fixed firmware versions listed below:
Product | Product details | Fixed in version |
---|---|---|
Controller CECC-X-M1 | Part number 4407603, order code CECC-X-M1 | 3.8.18 |
Controller CECC-X-M1 | Part number 8124922, order code CECC-X-M1 | 4.0.18 |
Controller CECC-X-M1-MV | Part number 4407605, order code CECC-X-M1-MV | 3.8.18 |
Controller CECC-X-M1-MV | Part number 8124923, order code CECC-X-M1-MV | 4.0.18 |
Controller CECC-X-M1-MVS1 | Part number 4407606, order code CECC-X-M1-MV-S1 | 3.8.18 |
Controller CECC-X-M1-MVS1 | Part number 8124924, order code CECC-X-M1-MV-S1 | 4.0.18 |
Controller CECC-X-M1-YYJKP | Part number 4803891, order code CECC-X-M1-YYJKP | 3.8.18 |
Controller CECC-X-M1-YSL1 | Part number 8082793, order code CECC-X-M1-YS-L1 | 3.8.18 |
Controller CECC-X-M1-YSL2 | Part number 8082794, order code CECC-X-M1-YS-L2 | 3.8.18 |
Servo Press Kit YJKP | Part number 8077950, order code YJKP | 3.8.18 |
Servo Press Kit YJKP | Part number 8058596, order code YJKP | 3.8.18 |
Revision History
Version | Date | Summary |
---|---|---|
1 | 06.07.2022 09:00 | Initial revision. |
2 | 05.06.2025 15:28 | Fix: quotation mark |
3 | 23.06.2025 10:00 | Changed Document ID |