PatchSiren cyber security CVE debrief
CVE-2022-30310 Festo CVE debrief
CVE-2022-30310 is a critical vulnerability in Festo CECC-X-M1 family products where the HTTP endpoint "cecc-x-acknerr-request" does not validate port syntax in a POST request. According to the advisory, this can allow unauthorized execution of system commands with root privileges. The issue was publicly disclosed on 2022-07-06 and remains relevant for any deployment running one of the affected firmware versions listed in the advisory.
- Vendor: Festo
- Product: Hardware
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2022-07-06
- Original CVE updated: 2025-06-23
- Advisory published: 2022-07-06
- Advisory updated: 2025-06-23
Who should care
Industrial control system operators, OT security teams, plant engineers, and integrators responsible for Festo Controller CECC-X-M1 and related Servo Press Kit YJKP deployments should treat this as high priority. It is especially important for environments where the device web interface or management plane is reachable from broader networks.
Technical summary
The flaw affects Festo Controller CECC-X-M1 product family variants and related Servo Press Kit YJKP installations. The advisory states that the HTTP endpoint "cecc-x-acknerr-request" in a POST request does not check port syntax, creating a command-injection condition with improper access control. The result can be execution of system commands with root privileges. CISA's CSAF advisory lists affected firmware/product combinations and identifies fixed releases including 3.8.18 and 4.0.18 depending on the specific product/order code.
Defensive priority
Critical and urgent. Because the issue is network-reachable, requires no user interaction, and can lead to root-level command execution, organizations should prioritize inventorying exposed assets, confirming firmware versions, and applying the vendor-fixed release as soon as operationally feasible.
Recommended defensive actions
- Inventory all Festo CECC-X-M1 and Servo Press Kit YJKP assets and confirm the exact firmware and order code in use.
- Upgrade each affected product to the fixed firmware version listed in the advisory for that specific model, using 3.8.18 or 4.0.18 as applicable.
- Restrict access to the device HTTP management interface so only trusted administrative networks can reach it.
- Review network and device logs for unexpected or unauthorized POST requests to the "cecc-x-acknerr-request" endpoint.
- Apply ICS defense-in-depth guidance and segment OT devices from user and enterprise networks where possible.
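The log-review step above can be turned into a repeatable check. The following is an added example written for this debrief, not code from PatchSiren, Festo or CISA: it parses a handful of constructed web-server access-log lines (Combined Log Format is assumed; the controller's real log format is not described in the advisory), treats one assumed subnet as the trusted administrative network, and flags every POST to the "cecc-x-acknerr-request" endpoint that did not originate from that network. The endpoint name comes from the advisory; the sample addresses, timestamps and the admin subnet are constructed.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample log lines in Combined Log Format style (not real device output).
SAMPLE_LOG = """\
10.1.20.5 - - [06/Jul/2022:10:01:12 +0000] "GET /status HTTP/1.1" 200 512
10.1.20.5 - - [06/Jul/2022:10:02:40 +0000] "POST /cecc-x-acknerr-request HTTP/1.1" 200 64
172.16.9.77 - - [06/Jul/2022:10:03:05 +0000] "POST /cecc-x-acknerr-request HTTP/1.1" 200 64
172.16.9.77 - - [06/Jul/2022:10:03:06 +0000] "POST /cecc-x-acknerr-request?x=1 HTTP/1.1" 500 -
192.0.2.10 - - [06/Jul/2022:10:04:00 +0000] "GET /cecc-x-acknerr-request HTTP/1.1" 405 0
"""

# Assumed trusted administrative network; adjust to the real management subnet.
ADMIN_NETS = [ipaddress.ip_network("10.1.20.0/24")]

# Endpoint named in the advisory for CVE-2022-30310.
ENDPOINT = "cecc-x-acknerr-request"

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one access-log line into its fields; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_trusted(src: str, admin_nets=ADMIN_NETS) -> bool:
    """True if the source address lies inside one of the trusted admin networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage never count as trusted
    return any(addr in net for net in admin_nets)


def targets_endpoint(path: str) -> bool:
    """True if the request path (ignoring any query string) ends with the advisory endpoint."""
    return path.split("?", 1)[0].rstrip("/").endswith(ENDPOINT)


def find_suspicious(log_text: str, admin_nets=ADMIN_NETS) -> List[Dict[str, str]]:
    """Return every POST to the endpoint that came from outside the trusted admin networks."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] != "POST" or not targets_endpoint(rec["path"]):
            continue
        if is_trusted(rec["src"], admin_nets):
            continue
        findings.append({
            "src": rec["src"],
            "ts": rec["ts"],
            "path": rec["path"],
            "status": rec["status"],
            "reason": "POST to %s from outside trusted admin network" % ENDPOINT,
        })
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print("%(ts)s %(src)s %(status)s %(path)s: %(reason)s" % f)
```

Any hit deserves a look regardless of the response status: a 500 after a POST to this endpoint is as interesting as a 200, because the advisory describes a validation failure rather than an authenticated feature. Feed the function real log text from the device or from a reverse proxy in front of it, and widen ADMIN_NETS to the actual management ranges.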
Evidence notes
The supplied CISA CSAF source and linked vendor references describe a POST-based HTTP endpoint validation failure that can lead to command injection and root-privileged system command execution. The source lists affected Festo products and remediation versions, including 3.8.18 and 4.0.18 for specific CECC-X-M1 variants. The CVSS vector provided is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which aligns with a remotely exploitable, high-impact issue. The supplied enrichment does not indicate KEV inclusion.
Official resources
- CVE-2022-30310 CVE record (CVE.org)
- CVE-2022-30310 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source references (additional references listed in the CSAF advisory)
Public disclosure date for the CVE is 2022-07-06. The supplied CSAF revision history shows later editorial updates on 2025-06-05 and 2025-06-23, but those do not change the original CVE publication date.