CVE-2023-34317

2023-09-0517:15:08

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-34317

improper input validation

oas engine

user creation

open automation software

oas platform

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.

Affected configurations

Vulners

NVD

Node

openautomationsoftwareoas_platformRange≤v18.00.0072

CPENameOperatorVersion
openautomationsoftware:oas_platformopenautomationsoftware oas platformeq18.00.0072

CPE	Name	Operator	Version
openautomationsoftware:oas_platform	openautomationsoftware oas platform	eq	18.00.0072

CNA Affected

[
  {
    "vendor": "Open Automation Software",
    "product": "OAS Platform",
    "versions": [
      {
        "version": "v18.00.0072",
        "status": "affected"
      }
    ]
  }
]