PatchSiren cyber security CVE debrief
CVE-2022-30311 Festo CVE debrief
CVE-2022-30311 affects Festo CECC-X-M1 family products where the HTTP POST endpoint "cecc-x-refresh-request" fails to validate port syntax. According to the advisory, that weakness can allow unauthorized system command execution with root privileges. CISA’s CSAF record lists fixed firmware releases of 3.8.18 or 4.0.18 depending on the specific product/order code, and the advisory was initially published on 2022-07-06 with a later document revision on 2025-06-23.
- Vendor
- Festo
- Product
- Hardware
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2022-07-06
- Original CVE updated
- 2025-06-23
- Advisory published
- 2022-07-06
- Advisory updated
- 2025-06-23
Who should care
OT/ICS asset owners, plant operators, maintenance teams, and security staff responsible for Festo CECC-X-M1 controllers or Servo Press Kit deployments should treat this as a high-priority issue, especially where management interfaces are reachable from broader operational networks.
Technical summary
The issue is a command-injection condition in the CECC-X-M1 product family’s HTTP endpoint "cecc-x-refresh-request." The source advisory states the POST request does not check port syntax, creating an improper-access-control path that can be used to execute system commands as root. The published CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a network-reachable, unauthenticated flaw with severe confidentiality, integrity, and availability impact. Affected firmware entries include versions at or below 3.8.14 for multiple controller and Servo Press Kit variants, and 4.0.14 for specific controller variants; remediation lists fixed versions of 3.8.18 or 4.0.18 by product/order code.
Defensive priority
Immediate. The combination of unauthenticated network exposure and root-level command execution potential makes this a patch-now issue for any affected deployment.
Recommended defensive actions
- Inventory Festo CECC-X-M1 family devices and map each unit to its exact product/order code and installed firmware.
- Upgrade to the vendor-specified fixed firmware: 3.8.18 or 4.0.18, matching the affected product variant.
- Restrict access to device management and HTTP interfaces to trusted engineering networks only.
- Apply network segmentation and least-privilege controls around OT assets that expose web administration functions.
- Validate operational behavior after upgrading, and coordinate maintenance windows with the vendor or system integrator.
- Review adjacent systems for unnecessary reachability to the affected HTTP endpoint and remove broad routing/firewall allowances where possible.
Evidence notes
The supplied source corpus describes the vulnerable endpoint and impact directly: the POST request to "cecc-x-refresh-request" does not check port syntax, which can enable unauthorized system command execution with root privileges. The CISA CSAF advisory (ICSA-25-182-04) lists the affected Festo product families and the fixed firmware versions in its remediation table. The timeline shows initial publication on 2022-07-06 and a later document revision on 2025-06-23; those dates are source/advisory dates, not exploitation dates.
Official resources
-
CVE-2022-30311 CVE record
CVE.org
-
CVE-2022-30311 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the CISA CSAF advisory record and referenced vendor/CERT-VDE advisories, with initial publication dated 2022-07-06 and a later advisory revision dated 2025-06-23. No KEV listing was supplied in the source corpus.