Lucene search
K

69 matches found

CVE
CVE
added 2024/04/03 1:55 p.m.78 views

CVE-2024-21870

CVE-2024-21870 affects Open Automation Software OAS Platform V19.00.0057. Talos reports a file write vulnerability in the OAS Engine Tags Configuration: a sequence of authenticated requests can create or overwrite arbitrary files via the File Data Source/Tag configuration path, potentially leadin...

4.9CVSS8AI score0.00662EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/03 1:55 p.m.25 views

CVE-2024-21870

A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

4.9CVSS5.2AI score0.00662EPSS
Exploits1References1
Talos
Talos
added 2024/04/03 12:0 a.m.40 views

Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability

Talos Vulnerability Report TALOS-2024-1950 Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-21870 SUMMARY A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software...

4.9CVSS5.5AI score0.00662EPSS
Exploits1
Talos
Talos
added 2024/04/03 12:0 a.m.30 views

Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability

Talos Vulnerability Report TALOS-2024-1951 Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-22178 SUMMARY A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open...

4.9CVSS5.4AI score0.00662EPSS
Exploits1
Talos
Talos
added 2024/04/03 12:0 a.m.34 views

Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability

Talos Vulnerability Report TALOS-2024-1949 Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability April 3, 2024 CVE Number CVE-2024-27201 SUMMARY An improper input validation vulnerability exists in the OAS Engine User Configuration functionali...

4.9CVSS5.5AI score0.00662EPSS
Exploits1
NVD
NVD
added 2023/09/05 5:15 p.m.40 views

CVE-2023-34994

An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of...

4.3CVSS4.2AI score0.00652EPSS
Exploits1References2
NVD
NVD
added 2023/09/05 5:15 p.m.21 views

CVE-2023-35124

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of reques...

4.3CVSS3.7AI score0.00541EPSS
Exploits1References2
OSV
OSV
added 2023/09/05 5:15 p.m.6 views

CVE-2023-31242

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability...

9.8CVSS5.9AI score0.03356EPSS
Exploits1References2
NVD
NVD
added 2023/09/05 5:15 p.m.30 views

CVE-2023-34317

An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to...

6.5CVSS6.3AI score0.00758EPSS
Exploits1References2
NVD
NVD
added 2023/09/05 5:15 p.m.26 views

CVE-2023-32271

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of reques...

6.5CVSS6.2AI score0.00871EPSS
Exploits1References2
NVD
NVD
added 2023/09/05 5:15 p.m.20 views

CVE-2023-32615

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

8.1CVSS6.9AI score0.00727EPSS
Exploits0References2
NVD
NVD
added 2023/09/05 5:15 p.m.31 views

CVE-2023-34353

An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this...

7.5CVSS7.7AI score0.01038EPSS
Exploits1References2
Prion
Prion
added 2023/09/05 5:15 p.m.15 views

Information disclosure

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of reques...

4CVSS4.5AI score0.00541EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/09/05 5:15 p.m.18 views

Arbitrary file deletion

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

5.5CVSS8AI score0.00727EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/09/05 5:15 p.m.26 views

Authentication flaw

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability...

7.5CVSS9.5AI score0.03356EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/09/05 4:15 p.m.44 views

CVE-2023-31242

CVE-2023-31242 affects Open Automation Software OAS Platform (OAS Platform) with the engine vulnerability in version 18.00.0072. Talos reports an authentication bypass in the OAS Engine, caused by default configurations allowing unauthenticated access (no admin user by default) and by flawed hand...

9.8CVSS9.5AI score0.03356EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/05 4:15 p.m.13 views

CVE-2023-31242

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability...

8.1CVSS9.6AI score0.03356EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/09/05 4:15 p.m.41 views

CVE-2023-34998

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability...

8.1CVSS8.4AI score0.01153EPSS
Exploits0References2
CVE
CVE
added 2023/09/05 4:15 p.m.44 views

CVE-2023-34998

CVE-2023-34998 : Open Automation Software OAS Platform v18.00.0072 OAS Engine contains an authentication bypass. An attacker who can sniff traffic can capture a valid U_EP credential and craft privileged requests, bypassing authentication. The vulnerability enables access via unencrypted admin tr...

8.1CVSS9AI score0.01153EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/09/05 4:15 p.m.24 views

CVE-2023-32615

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

6.5CVSS8.2AI score0.00727EPSS
Exploits0References2
Rows per page
Query Builder