Lucene search

TalosCVELIST:CVE-2024-24976

HistoryApr 03, 2024 - 1:55 p.m.

CVE-2024-24976

2024-04-0313:55:03

CWE-130

talos

www.cve.org

denial of service

oas platform

vulnerability

network requests

oas engine file data source configuration

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

13.3%

JSON

A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "Open Automation Software",
    "product": "OAS Platform",
    "versions": [
      {
        "version": "V19.00.0057",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2024-1948

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

13.3%

JSON

Related for CVELIST:CVE-2024-24976