CVE-2022-3079 Festo control block CPX-CEC-C1 and CPX-CMXX allow unauthenticated, remote access to webpage functions which may cause a denial of service.

This risk also exists in versions of Xceed CMS prior to 5.0.2.1. Users should upgrade to a fixed version immediately. Xceed CMS versions prior to 5.0.2.1 are vulnerable to remote code execution due to insecure use of the unauthenticated, remote control of critical functions in Xceed CMS. Remote attackers may exploit this vulnerability to cause a denial of service, obtain elevated privileges, or execute arbitrary code via a specially crafted request. Xceed CMS versions prior to 5.0.2.1 are vulnerable to remote code execution due to insecure use of the unauthenticated, remote control of critical functions in Xceed CMS. Remote attackers may exploit this vulnerability to cause a denial of service, obtain elevated privileges, or execute arbitrary code via a specially crafted request. Xceed CMS versions prior to 5.0.2.1 are vulnerable to remote code execution due to insecure use of the unauthenticated, remote control of critical functions in Xceed CMS. Remote attackers may exploit this vulnerability to cause a denial of service, obtain elevated privileges, or execute arbitrary code via a specially crafted request. Xceed CMS versions prior to 5.0.2.1 are vulnerable to remote code execution due to insecure use of the unauthenticated, remote control of critical functions in Xceed CMS. Remote attackers may exploit this vulnerability to cause a denial of service, obtain elevated privileges, or execute arbitrary code via a specially crafted request. Xceed CMS versions prior to 5

Summary

Versions of Xceed CMS prior to 5.0.2.1 are vulnerable to remote code execution due to insecure use of the unauthenticated, remote control of critical functions in Xceed CMS. Remote attackers may exploit this vulnerability to cause a denial of service, obtain elevated privileges, or execute arbitrary code via a specially crafted request.

How to Upgrade to a Fixed Version

Users should upgrade to a fixed version of Xceed CMS.
Upgrade to Xceed CMS 5.0.2.1 or higher.

Timeline

Published on: 09/20/2022 10:15:00 UTC
Last modified on: 09/21/2022 18:06:00 UTC

References

• https://cert.vde.com/en/advisories/VDE-2022-036
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3079