Vulnerabilities > Festo > Controller Cecc X M1 Y Yjkp Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-01 CVE-2022-3270 Unspecified vulnerability in Festo products
In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.
network
low complexity
festo
critical
9.8
2022-06-13 CVE-2022-30311 Incorrect Authorization vulnerability in Festo products
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax.
network
low complexity
festo CWE-863
critical
9.8
2022-06-13 CVE-2022-30310 Incorrect Authorization vulnerability in Festo products
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax.
network
low complexity
festo CWE-863
critical
9.8
2022-06-13 CVE-2022-30309 Incorrect Authorization vulnerability in Festo products
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax.
network
low complexity
festo CWE-863
critical
9.8
2022-06-13 CVE-2022-30308 Incorrect Authorization vulnerability in Festo products
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax.
network
low complexity
festo CWE-863
critical
9.8