Title:
FSA-202201 - Security Advisory - Festo Controller CECC-X-M1 Product Family
Subtitle:
Pre-Authentication Command Injection Vulnerability
Description:

Multiple versions of the Festo controller CECC-X-M1 product family are affected by a pre-authentication command injection vulnerability. Anyone who is able to gain access to the webserver can run arbitrary system commands on the device with root privileges.

 

Affected Festo products:

  • Controller CECC-X-M1 (4407603) - Firmware CECC-X <= 3.8.14 affected
  • Controller CECC-X-M1 (8124922) - Firmware CECC-X 4.0.14 affected
  • Controller CECC-X-M1-MV (4407605) - Firmware CECC-X <= 3.8.14 affected
  • Controller CECC-X-M1-MV (8124923) - Firmware CECC-X 4.0.14 affected
  • Controller CECC-X-M1-MVS1 (4407606) - Firmware CECC-X <= 3.8.14 affected
  • Controller CECC-X-M1-MVS1 (8124924) - Firmware CECC-X 4.0.14 affected
  • Controller CECC-X-M1-YYJKP (4803891) - Firmware CECC-X <= 3.8.14 affected
  • Controller CECC-X-M1-YSL1 (8082793) - Firmware CECC-X <= 3.8.14 affected
  • Controller CECC-X-M1-YSL2 (8082794) - Firmware CECC-X <= 3.8.14 affected
  • Servo Press Kit YJKP (8077950) - Firmware CECC-X <= 3.8.14 affected
  • Servo Press Kit YJKP (8058596) - Firmware CECC-X <= 3.8.14 affected
Document type:
Security Advisory
Title Version

CSAF edition of FSA-202201

PDF edition of FSA-202201