157 matches found
CVE-2023-34994
An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of...
CVE-2023-34353
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this...
CVE-2023-32271
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of reques...
CVE-2023-31242
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-32615
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...
CVE-2023-34353
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this...
CVE-2023-32615
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...
Authentication flaw
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-31242
CVE-2023-31242 affects Open Automation Software OAS Platform (OAS Platform) with the engine vulnerability in version 18.00.0072. Talos reports an authentication bypass in the OAS Engine, caused by default configurations allowing unauthenticated access (no admin user by default) and by flawed hand...
CVE-2023-34998
CVE-2023-34998 : Open Automation Software OAS Platform v18.00.0072 OAS Engine contains an authentication bypass. An attacker who can sniff traffic can capture a valid U_EP credential and craft privileged requests, bypassing authentication. The vulnerability enables access via unencrypted admin tr...
CVE-2023-31242
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-34998
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability...
CVE-2023-32615
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...
CVE-2023-34317
CVE-2023-34317 is an Open Automation Software OAS Platform vulnerability (v18.00.0072) in the OAS Engine User Creation flow caused by improper input validation. Talos reports that when adding a user, the engine does not filter the username, allowing a wide range of characters to be stored in the ...
CVE-2023-32615
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...
CVE-2023-32271
CVE-2023-32271 affects Open Automation Software OAS Platform OAS Engine configuration management (v18.00.0072). Cisco Talos TALOS-2023-1774 documents an information-disclosure vulnerability exploitable via crafted network requests, enabling leakage of sensitive data. The CVSSv3.1 base score is 6....
CVE-2023-34994
An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of...
CVE-2023-34994
Open Automation Software OAS Platform v18.00.0072 contains an improper resource allocation vulnerability in the OAS Engine configuration management functionality. Talos notes that an unauthenticated or low-privileged user can leverage the configuration tool (including a remote file browser that a...
CVE-2023-34353
CVE-2023-34353 affects Open Automation Software OAS Platform OAS Engine authentication functionality (v18.00.0072). Talos details describe an authentication bypass enabling information disclosure by sniffing network traffic to decrypt sensitive data, with the vulnerability tied to how credentials...
CVE-2023-35124
Open Automation Software OAS Platform v18.00.0072 is affected by CVE-2023-35124 in the Engine configuration management functionality. A specially crafted sequence of network requests can disclose sensitive information stored by the OAS Platform. Talos’ vulnerability report confirms the vulnerabil...