157 matches found
CVE-2022-26303
Open Automation Software OAS Platform V16.00.0112 contains an external config control vulnerability in the OAS Engine SecureAddUser function. The issue allows unauthenticated network requests to create new OAS user accounts, via a sequence targeting TCP/58727, with a resulting account validated b...
CVE-2022-26082
A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26082
Open Automation Software OAS Platform vulnerable in the Engine SecureTransferFiles function (OAS Platform v16.00.0112). The root cause is missing authentication for a critical function (CWE-306), allowing a remote attacker to upload arbitrary files via a crafted sequence of network messages, lead...
CVE-2022-26077
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff...
CVE-2022-26067
An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this...
CVE-2022-26067
CVE-2022-26067 affects Open Automation Software OAS Platform (OAS Engine SecureTransferFiles) version 16.00.0112. A crafted sequence of network requests can read arbitrary files, enabled by a missing authentication for a critical function (CWE-306). Reported CVSSv3 base score 4.9 (in TALOS) up to...
CVE-2022-26043
CVE-2022-26043 affects Open Automation Software OAS Platform 16.00.0112, specifically the OAS Engine SecureAddSecurity function. TALOS details an external config control vulnerability where unauthenticated config messages can create a custom Security Group, enabling file-transfer permissions and ...
CVE-2022-26043
An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests t...
CVE-2022-26043
An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests t...
CVE-2022-26026
A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability...
Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service
Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into...
PT-2022-2740 · Open Automation · Open Automation Software Oas Platform
Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 16.00.0121 Description: The issue is related to an improper authentication vulnerability in the REST API functionality. This vulnerability can be triggered by a specially-crafted series of HTTP...
PT-2022-17648 · Open Automation · Open Automation Software Oas Platform
Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 16.00.0112 Description: An information disclosure issue exists in the OAS Engine SecureTransferFiles functionality. A specially-crafted series of network requests can lead to arbitrary file read. ...
Open Automation Software OAS Platform 安全漏洞
Open Automation Software OAS Platform is an industrial Internet of Things IoT suite from Open Automation Software, Inc. Open Automation Software OAS Platform version V16.00.0112 is vulnerable to information disclosure and can be exploited by attackers to obtain sensitive information via targeted...
PT-2022-3463 · Open Automation · Open Automation Software Oas Platform
Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version V16.00.0112 Description: The issue concerns the OAS Engine SecureAddSecurity functionality, where a lack of authentication check for a critical function can be exploited. An attacker can send a...
Open Automation Software Platform Engine SecureBrowseFile information disclosure vulnerability
Summary An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger th...
CVE-2022-26833
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...
Open Automation Software OAS Platform 访问控制错误漏洞
Open Automation Software OAS Platform is an industrial Internet of Things IoT suite from Open Automation Software, Inc. Open Automation Software OAS Platform V16.00.0112 is vulnerable to an access control error that could be exploited to create OAS user accounts with specially crafted network...
Open Automation Software Platform Engine SecureTransferFiles file write vulnerability
Summary A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...
PT-2022-17655 · Open Automation · Open Automation Software Oas Platform
Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 16.00.0112 Description: A cleartext transmission of sensitive information issue exists in the OAS Engine configuration communications functionality. This can be exploited through a targeted networ...