Appliance Details
A compact programmable logic controller with ethernet capability.
Vulnerability
The Festo Controller CECC-X-M1 product family could allow a remote attacker to execute arbitrary commands on the system because of improper access control and command injection. This is just one example of the vulnerabilities; below is the full list of CVEs assigned to the Festo Controller command execution issues:
CVE-2022-30309
CVE-2022-30310
CVE-2022-30311
Identification
By sending a specially crafted POST request to the cecc-x-web-viewer-request-on HTTP endpoint, an attacker could exploit this vulnerability to execute arbitrary commands with root privileges.
POST /cgi-bin/cecc-x-web-viewer-request-on
PAYLOAD - request=$(nc -l -p 4444 -e sh)
Detection
By turning this into a traffic file and a matching rule, we are able to detect attempts at unauthorised execution of system commands with root privileges.
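The matching logic such a rule needs can be sketched as follows. This is an added example, not Idappcom's signature or traffic file. It assumes that a legitimate `request` value never contains shell metacharacters; the host name and the non-advisory sample bodies are constructed.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/cgi-bin/cecc-x-web-viewer-request-on"  # path quoted in the advisory
# Assumption: a legitimate "request" value never contains shell
# substitution or chaining characters.
SHELL_META = re.compile(r"\$\(|\$\{|`|[;|&<>\n]")

def inspect_request(raw: bytes) -> Optional[str]:
    """Return an alert string for a suspicious request, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3 or parts[0].upper() != "POST":
        return None
    # Decode the path so a percent-encoded spelling still matches.
    if unquote(urlsplit(parts[1]).path) != ENDPOINT:
        return None
    # parse_qs percent-decodes values, so "%24%28" is inspected as "$(".
    params = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    for value in params.get("request", []):
        hit = SHELL_META.search(value)
        if hit:
            return f"ALERT {ENDPOINT}: shell metacharacter {hit.group()!r} in request={value!r}"
    return None

def build(method: str, path: str, body: str) -> bytes:
    """Construct a minimal HTTP/1.1 request for the samples below."""
    return (f"{method} {path} HTTP/1.1\r\nHost: plc.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")

# Constructed sample traffic (the first body is the payload shown above).
SAMPLES = {
    "advisory payload": build("POST", ENDPOINT, "request=$(nc -l -p 4444 -e sh)"),
    "percent-encoded": build("POST", ENDPOINT, "request=%24%28id%29"),
    "plain value": build("POST", ENDPOINT, "request=1"),
    "other endpoint": build("POST", "/cgi-bin/other", "request=$(id)"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:18} -> {inspect_request(raw) or 'no alert'}")
```

Matching on the decoded parameter value rather than the raw bytes keeps the check from being bypassed by percent-encoding the same characters.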
Coverage
Idappcom has created signature 8022878 along with a traffic file. In addition, coverage is provided for the remaining CVEs under signatures 8022875, 8022876 and 8022877.
Traffic IQ
If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional