Festo Controller CECC-X-M1 product family command execution (CVE-2022-30308)



Appliance Details

A compact programmable logic controller with Ethernet capability.


Vulnerability

The Festo Controller CECC-X-M1 product family could allow a remote attacker to execute arbitrary commands on the system, caused by improper access control command injection. CVE-2022-30308 is just one example of these vulnerabilities; the remaining CVEs assigned to the Festo Controller command execution are listed below:


CVE-2022-30309
CVE-2022-30310
CVE-2022-30311

Identification

By sending a specially crafted POST request to the HTTP endpoint cecc-x-web-viewer-request-on, an attacker could exploit this vulnerability to execute arbitrary commands with root privileges.


POST /cgi-bin/cecc-x-web-viewer-request-on
PAYLOAD - request=$(nc -l -p 4444 -e sh)


Detection

By turning this request into a traffic file and a matching rule, we are able to detect attempts at unauthorised execution of system commands with root privileges.
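
One way to express such a matching rule in code, as an added example (this is not Idappcom's signature or traffic file): it flags POST requests to the endpoint whose decoded `request` value contains shell syntax. It assumes `request` is the only body field and that legitimate values never contain shell metacharacters; the host `plc.example`, the path `/cgi-bin/other` and the value `request=1` are constructed.

```python
import re
from urllib.parse import unquote, unquote_plus

ENDPOINT = "/cgi-bin/cecc-x-web-viewer-request-on"  # path from the advisory
# Assumption: a legitimate "request" value never contains shell metacharacters.
SHELL_META = re.compile(r"\$\(|\$\{|`|[;|&<>\r\n]")


def split_http(raw: bytes):
    """Return (method, path, body) from a raw HTTP/1.x request, or None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return None
    # Decode and normalise the path so %2F or // variants still match.
    path = re.sub(r"/+", "/", unquote(parts[1].split("?", 1)[0]))
    return parts[0].upper(), path, body.decode("latin-1")


def is_suspicious(raw: bytes) -> bool:
    """True for a POST to the endpoint whose request= value has shell syntax."""
    parsed = split_http(raw)
    if parsed is None:
        return False
    method, path, body = parsed
    if method != "POST" or not path.endswith(ENDPOINT):
        return False
    decoded = unquote_plus(body)  # match on the decoded form, not raw bytes
    idx = decoded.find("request=")
    if idx < 0:
        return False
    # Assumption: "request" is the only body field, so everything after it is
    # its value; "&" is therefore treated as a shell metacharacter as well.
    return bool(SHELL_META.search(decoded[idx + len("request="):]))


def _req(path: str, body: str) -> bytes:
    """Build a constructed sample request (Host value is a placeholder)."""
    return (f"POST {path} HTTP/1.1\r\nHost: plc.example\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


# Constructed samples: the page's payload, its URL-encoded form, a benign value
SAMPLES = {
    "page_payload": _req(ENDPOINT, "request=$(nc -l -p 4444 -e sh)"),
    "url_encoded": _req(ENDPOINT, "request=%24%28nc+-l+-p+4444+-e+sh%29"),
    "benign": _req(ENDPOINT, "request=1"),
    "other_path": _req("/cgi-bin/other", "request=$(nc -l -p 4444 -e sh)"),
}
```

The URL-encoded sample is the reason the body is decoded before matching: a rule that looks only for the literal `$(` bytes would miss it.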


Coverage

Idappcom has created signature 8022878 along with a traffic file. In addition, coverage is provided for the remaining CVEs under signatures 8022875, 8022876 and 8022877.


References

CVE-2022-30308

VDE CERT


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional