A compact programmable logic controller with Ethernet capability.
The Festo Controller CECC-X-M1 product family could allow a remote attacker to execute arbitrary commands on the system, caused by improper access control command injection. This is just one example of the vulnerabilities; below is the full list of CVEs assigned to the Festo Controller Command Execution:
CVE-2022-30309, CVE-2022-30310, CVE-2022-30311
By sending a specially crafted POST request to the http-endpoint cecc-x-web-viewer-request-on, an attacker could exploit this vulnerability to execute arbitrary commands with root privileges.
PAYLOAD - request=$(nc -l -p 4444 -e sh)
By turning this into a traffic file and matching rule, we are able to detect attempts of unauthorised execution of system commands, with root privileges.
Idappcom has created signature 8022878 along with a traffic file. Coverage for the remaining CVEs is also provided under signatures 8022875, 8022876 and 8022877.
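The matching idea described above, shown as an added example for defenders; it is not Idappcom's signature or traffic file. It assumes the endpoint name appears in the request target and that the body is form-encoded with a `request` parameter, as in the payload shown; the sample path, host and benign value are constructed.

```python
import re
from urllib.parse import parse_qsl

# Endpoint name as given in the advisory; the full URL path is not stated
# there, so matching is done on the name as a substring of the request target.
ENDPOINT = "cecc-x-web-viewer-request-on"
# Shell constructs with no place in this parameter: command substitution,
# backticks, command separators, pipes, redirection, line breaks.
SHELL_META = re.compile(r"\$\(|\$\{|`|[;&|<>\r\n]")

def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP request; an empty list means clean."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        return []                      # not a well-formed request line
    method, target, _version = parts
    if method != "POST" or ENDPOINT not in target:
        return []                      # only the affected endpoint is in scope
    findings = []
    # Assumption: the body is form-encoded. parse_qsl percent-decodes, so an
    # encoded "%24%28" is inspected as "$(" just like the raw form.
    for name, value in parse_qsl(body.decode("latin-1"), keep_blank_values=True):
        if name == "request" and SHELL_META.search(value):
            findings.append(f"shell metacharacter in 'request': {value!r}")
    return findings

# Constructed samples: path, host and the benign value are assumptions.
HEAD = (b"POST /cecc-x-web-viewer-request-on HTTP/1.1\r\n"
        b"Host: plc.example\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n\r\n")
BENIGN = HEAD + b"request=status"
SUSPECT_RAW = HEAD + b"request=$(nc -l -p 4444 -e sh)"        # payload from the page
SUSPECT_ENCODED = HEAD + b"request=%24%28nc+-l+-p+4444+-e+sh%29"

if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("raw", SUSPECT_RAW),
                       ("encoded", SUSPECT_ENCODED)]:
        print(label, inspect_request(req) or "clean")
```

Percent-decoding before matching matters here: a rule that only looks for the literal `$(` in the body misses the encoded form of the same request.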
If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional