Open Automation Software OAS Platform 访问控制错误漏洞

🗓️ 25 May 2022 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 2 Views

OAS Platform has an access control flaw enabling unauthenticated REST API access by crafted HTTP requests.

Reporter	Title	Published	Views	Family All 16
ATTACKERKB	CVE-2022-26833	25 May 202200:00	–	attackerkb
BDU FSTEC	The vulnerability of the REST API interface implementation of the software package for working with IoT devices, known as Open Automation Software, arises from the lack of authentication for a critical function. This allows a perpetrator to execute arbitrary code.	1 Jun 202200:00	–	bdu_fstec
Circl	CVE-2022-26833	26 May 202218:20	–	circl
CNVD	Open Automation Software OAS Platform Access Control Error Vulnerability (CNVD-2022-58679)	26 May 202200:00	–	cnvd
Check Point Advisories	Open Automation Software Platform Authentication Bypass (CVE-2022-26833)	17 Nov 202200:00	–	checkpoint_advisories
CVE	CVE-2022-26833	25 May 202220:15	–	cve
Cvelist	CVE-2022-26833	25 May 202220:15	–	cvelist
NCSC	Vulnerabilities fixed in Open Automation Software Platform	27 May 202200:00	–	ncsc
Nuclei	Open Automation Software OAS Platform V16.00.0121 - Missing Authentication	25 Jun 202605:45	–	nuclei
NVD	CVE-2022-26833	25 May 202221:15	–	nvd

Source	Link
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2022-1513
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2022052616
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2022-1513
cxsecurity	www.cxsecurity.com/cveshow/CVE-2022-26833/

23 May 2026 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 27.5

CVSS 3.19.4

EPSS0.37606

Open Automation Platform access control flaw unauthenticated web service access crafted web requests