M. Illes

**Name of the Vulnerable Software and Affected Versions** Festo Controller CECC-X-M1 product family (affected versions not specified) **Description** The issue concerns the `http-endpoint` "cecc-x-web-viewer-request-on" `POST` request, which does not check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Festo Controller CECC-X-M1 product family (affected versions not specified) **Description** The issue concerns the `http-endpoint` "cecc-x-web-viewer-request-off" `POST` request, which does not check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Festo Controller CECC-X-M1 product family (affected versions not specified) **Description** The issue is related to the http-endpoint "cecc-x-acknerr-request" POST request, which does not check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.