Lucene search
+L

157 matches found

CVE
CVE
added 2022/05/25 8:15 p.m.75 views

CVE-2022-26303

Open Automation Software OAS Platform V16.00.0112 contains an external config control vulnerability in the OAS Engine SecureAddUser function. The issue allows unauthenticated network requests to create new OAS user accounts, via a sequence targeting TCP/58727, with a resulting account validated b...

7.5CVSS7.5AI score0.01208EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/25 8:15 p.m.7 views

CVE-2022-26082

A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...

9.1CVSS9.7AI score0.18607EPSS
Exploits1References1
CVE
CVE
added 2022/05/25 8:15 p.m.99 views

CVE-2022-26082

Open Automation Software OAS Platform vulnerable in the Engine SecureTransferFiles function (OAS Platform v16.00.0112). The root cause is missing authentication for a critical function (CWE-306), allowing a remote attacker to upload arbitrary files via a crafted sequence of network messages, lead...

9.8CVSS9.7AI score0.18607EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/25 8:15 p.m.7 views

CVE-2022-26077

A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff...

7.5CVSS7.4AI score0.01093EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/05/25 8:15 p.m.4 views

CVE-2022-26067

An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this...

4.9CVSS7.4AI score0.01221EPSS
Exploits1References1
CVE
CVE
added 2022/05/25 8:15 p.m.84 views

CVE-2022-26067

CVE-2022-26067 affects Open Automation Software OAS Platform (OAS Engine SecureTransferFiles) version 16.00.0112. A crafted sequence of network requests can read arbitrary files, enabled by a missing authentication for a critical function (CWE-306). Reported CVSSv3 base score 4.9 (in TALOS) up to...

7.5CVSS7.2AI score0.01221EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/05/25 8:15 p.m.90 views

CVE-2022-26043

CVE-2022-26043 affects Open Automation Software OAS Platform 16.00.0112, specifically the OAS Engine SecureAddSecurity function. TALOS details an external config control vulnerability where unauthenticated config messages can create a custom Security Group, enabling file-transfer permissions and ...

7.5CVSS7.5AI score0.01208EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/25 8:15 p.m.5 views

CVE-2022-26043

An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests t...

7.5CVSS7.4AI score0.01208EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/05/25 8:15 p.m.27 views

CVE-2022-26043

An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests t...

7.5CVSS7.6AI score0.01208EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/05/25 8:15 p.m.7 views

CVE-2022-26026

A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability...

7.5CVSS7.3AI score0.0114EPSS
Exploits1References1
Talos Blog
Talos Blog
added 2022/05/25 8:18 a.m.16 views

Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service

Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into...

1.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/05/25 12:0 a.m.2 views

PT-2022-2740 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 16.00.0121 Description: The issue is related to an improper authentication vulnerability in the REST API functionality. This vulnerability can be triggered by a specially-crafted series of HTTP...

9.7CVSS9.3AI score0.37606EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/05/25 12:0 a.m.6 views

PT-2022-17648 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 16.00.0112 Description: An information disclosure issue exists in the OAS Engine SecureTransferFiles functionality. A specially-crafted series of network requests can lead to arbitrary file read. ...

7.5CVSS7.2AI score0.01221EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/05/25 12:0 a.m.5 views

Open Automation Software OAS Platform 安全漏洞

Open Automation Software OAS Platform is an industrial Internet of Things IoT suite from Open Automation Software, Inc. Open Automation Software OAS Platform version V16.00.0112 is vulnerable to information disclosure and can be exploited by attackers to obtain sensitive information via targeted...

7.5CVSS5.5AI score0.01093EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/05/25 12:0 a.m.7 views

PT-2022-3463 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version V16.00.0112 Description: The issue concerns the OAS Engine SecureAddSecurity functionality, where a lack of authentication check for a critical function can be exploited. An attacker can send a...

7.8CVSS7.5AI score0.01208EPSS
Exploits1References3
Talos
Talos
added 2022/05/25 12:0 a.m.31 views

Open Automation Software Platform Engine SecureBrowseFile information disclosure vulnerability

Summary An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger th...

7.5CVSS7.6AI score0.01641EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2022/05/25 12:0 a.m.5 views

CVE-2022-26833

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

9.4CVSS5.9AI score0.37606EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/05/25 12:0 a.m.8 views

Open Automation Software OAS Platform 访问控制错误漏洞

Open Automation Software OAS Platform is an industrial Internet of Things IoT suite from Open Automation Software, Inc. Open Automation Software OAS Platform V16.00.0112 is vulnerable to an access control error that could be exploited to create OAS user accounts with specially crafted network...

7.5CVSS5.5AI score0.01208EPSS
Exploits1References5
Talos
Talos
added 2022/05/25 12:0 a.m.75 views

Open Automation Software Platform Engine SecureTransferFiles file write vulnerability

Summary A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

9.8CVSS10AI score0.18607EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/05/25 12:0 a.m.18 views

PT-2022-17655 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 16.00.0112 Description: A cleartext transmission of sensitive information issue exists in the OAS Engine configuration communications functionality. This can be exploited through a targeted networ...

7.5CVSS7.2AI score0.01093EPSS
Exploits1References2
Rows per page
Query Builder