PatchSiren cyber security CVE debrief
CVE-2022-30309 Festo CVE debrief
CVE-2022-30309 is a critical command-injection issue in Festo Controller CECC-X-M1 family products. The affected HTTP endpoint, "cecc-x-web-viewer-request-off", does not check port syntax in a POST request, which can allow unauthorized execution of system commands with root privileges. CISA’s CSAF advisory lists multiple affected controller and servo press kit firmware builds and provides fixed versions for each product line.
- Vendor: Festo
- Product: Hardware
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2022-07-06
- Original CVE updated: 2025-06-23
- Advisory published: 2022-07-06
- Advisory updated: 2025-06-23
Who should care
Industrial control system operators, maintenance teams, and integrators using Festo CECC-X-M1 family controllers or Servo Press Kit YJKP systems should treat this as high priority. Any environment running the affected firmware versions listed in the advisory should plan remediation, especially where the device is reachable over the network.
Technical summary
The vulnerability is described as improper access control leading to command injection in the HTTP endpoint "cecc-x-web-viewer-request-off". The POST request does not validate port syntax, and the resulting flaw can permit unauthorized system command execution with root privileges. The advisory maps affected firmware versions to specific Festo controller and servo press kit products and identifies fixed releases 3.8.18 or 4.0.18 depending on the product.
Defensive priority
Critical. Prioritize rapid identification of affected devices and firmware, then upgrade to the fixed firmware version specified for each product in the advisory.
Recommended defensive actions
- Inventory Festo CECC-X-M1 family controllers and Servo Press Kit YJKP devices across the environment.
- Check installed firmware against the advisory’s affected versions and fixed versions for each specific product model.
- Upgrade to the fixed firmware version listed in the advisory: 3.8.18 or 4.0.18 depending on the product.
- Restrict access to the affected HTTP management interface until remediation is complete.
- Apply industrial control system network segmentation and access controls to reduce exposure of management services.
- Review operational monitoring for unexpected commands or configuration changes on affected devices.
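The inventory and version-check steps above can be scripted. The following is an added example, not code from PatchSiren, Festo or CISA: it compares each device's installed firmware against the fixed version named for its product. It assumes dotted-integer firmware strings, that any version below the fixed release for that product is affected, and that the model-to-fixed-version map is filled from the CISA CSAF advisory (the model names and inventory rows below are constructed placeholders).

```python
from typing import Dict, List, NamedTuple, Optional, Tuple

# Placeholder model names; populate real entries from the CISA CSAF advisory.
# Fixed releases per the advisory are 3.8.18 or 4.0.18 depending on product.
FIXED_VERSIONS: Dict[str, str] = {
    "CECC-X-M1-PLACEHOLDER-A": "3.8.18",
    "CECC-X-M1-PLACEHOLDER-B": "4.0.18",
    "YJKP-PLACEHOLDER": "4.0.18",
}

class Finding(NamedTuple):
    host: str
    model: str
    installed: str
    fixed: Optional[str]
    status: str  # "upgrade", "ok", "unknown-model" or "bad-version"

def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn 'a.b.c' into a comparable tuple; None if not purely dotted digits."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory: List[Tuple[str, str, str]],
           fixed: Dict[str, str] = FIXED_VERSIONS) -> List[Finding]:
    """Classify every (host, model, installed_version) row in the inventory."""
    findings: List[Finding] = []
    for host, model, installed in inventory:
        fixed_ver = fixed.get(model)
        if fixed_ver is None:  # model not in the advisory map: needs manual review
            findings.append(Finding(host, model, installed, None, "unknown-model"))
            continue
        cur = parse_version(installed)
        if cur is None:  # unparsable version string: do not silently mark as ok
            findings.append(Finding(host, model, installed, fixed_ver, "bad-version"))
            continue
        status = "upgrade" if cur < parse_version(fixed_ver) else "ok"
        findings.append(Finding(host, model, installed, fixed_ver, status))
    return findings

SAMPLE_INVENTORY = [  # constructed sample rows, not real devices
    ("plc-01", "CECC-X-M1-PLACEHOLDER-A", "3.8.17"),
    ("plc-02", "CECC-X-M1-PLACEHOLDER-A", "3.8.18"),
    ("press-01", "YJKP-PLACEHOLDER", "4.0.9"),
    ("press-02", "CECC-X-M1-PLACEHOLDER-B", "4.1.0"),
    ("hmi-03", "SOME-OTHER-DEVICE", "1.2.3"),
    ("plc-04", "CECC-X-M1-PLACEHOLDER-A", "3.8.x"),
]

def needs_upgrade(inventory=SAMPLE_INVENTORY) -> List[str]:
    """Hosts that must move to the fixed firmware."""
    return [f.host for f in triage(inventory) if f.status == "upgrade"]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f.host:9} {f.model:24} {f.installed:7} fixed={f.fixed} -> {f.status}")
```

Rows reported as "unknown-model" or "bad-version" still need a manual check against the advisory rather than being treated as patched.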
Evidence notes
The source corpus states that the affected HTTP endpoint is "cecc-x-web-viewer-request-off" and that the POST request does not check port syntax, enabling unauthorized execution of system commands with root privileges. The CISA CSAF advisory enumerates affected products and firmware versions, and its remediation table lists fixed versions per product. The published date used here is the CVE/source publication date of 2022-07-06; the 2025-06-23 modification date reflects later advisory maintenance, not the original issue date.
Official resources
- CVE-2022-30309 CVE record (CVE.org)
- CVE-2022-30309 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed on 2022-07-06 in the source advisory and CVE record. The advisory was later updated on 2025-06-23 for document metadata changes, while the original vulnerability publication date remains 2022-07-06.