Lucene search

[email protected]CVE-2022-26833

HistoryMay 25, 2022 - 9:15 p.m.

CVE-2022-26833

2022-05-2521:15:08

CWE-306

[email protected]

web.nvd.nist.gov

647

cve-2022-26833

vulnerability

open automation software

oas platform

rest api

unauthenticated use

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

9.3 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.7%

JSON

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.

Affected configurations

Vulners

NVD

Node

openautomationsoftwareoas_platformRange≤V16.00.0121

CPENameOperatorVersion
openautomationsoftware:oas_platformopenautomationsoftware oas platformeq16.00.0112

CPE	Name	Operator	Version
openautomationsoftware:oas_platform	openautomationsoftware oas platform	eq	16.00.0112

CNA Affected

[
  {
    "vendor": "Open Automation Software",
    "product": "OAS Platform",
    "versions": [
      {
        "version": "V16.00.0121",
        "status": "affected"
      }
    ]
  }
]