Lucene search
K

157 matches found

OSV
OSV
added 2023/09/05 5:15 p.m.4 views

CVE-2023-34994

An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of...

4.3CVSS5.9AI score0.00652EPSS
Exploits1References2
NVD
NVD
added 2023/09/05 5:15 p.m.31 views

CVE-2023-34353

An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this...

7.5CVSS7.7AI score0.01038EPSS
Exploits1References2
OSV
OSV
added 2023/09/05 5:15 p.m.7 views

CVE-2023-32271

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of reques...

6.5CVSS5.8AI score0.00871EPSS
Exploits1References2
NVD
NVD
added 2023/09/05 5:15 p.m.25 views

CVE-2023-31242

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability...

9.8CVSS8.7AI score0.03356EPSS
Exploits1References2
NVD
NVD
added 2023/09/05 5:15 p.m.20 views

CVE-2023-32615

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

8.1CVSS6.9AI score0.00727EPSS
Exploits0References2
OSV
OSV
added 2023/09/05 5:15 p.m.5 views

CVE-2023-34353

An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this...

7.5CVSS5.8AI score0.01038EPSS
Exploits1References2
OSV
OSV
added 2023/09/05 5:15 p.m.5 views

CVE-2023-32615

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

8.1CVSS5.9AI score0.00727EPSS
Exploits0References2
Prion
Prion
added 2023/09/05 5:15 p.m.26 views

Authentication flaw

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability...

7.5CVSS9.5AI score0.03356EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/09/05 4:15 p.m.44 views

CVE-2023-31242

CVE-2023-31242 affects Open Automation Software OAS Platform (OAS Platform) with the engine vulnerability in version 18.00.0072. Talos reports an authentication bypass in the OAS Engine, caused by default configurations allowing unauthenticated access (no admin user by default) and by flawed hand...

9.8CVSS9.5AI score0.03356EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/09/05 4:15 p.m.44 views

CVE-2023-34998

CVE-2023-34998 : Open Automation Software OAS Platform v18.00.0072 OAS Engine contains an authentication bypass. An attacker who can sniff traffic can capture a valid U_EP credential and craft privileged requests, bypassing authentication. The vulnerability enables access via unencrypted admin tr...

8.1CVSS9AI score0.01153EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/05 4:15 p.m.13 views

CVE-2023-31242

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability...

8.1CVSS9.6AI score0.03356EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/09/05 4:15 p.m.11 views

CVE-2023-34998

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability...

8.1CVSS8.2AI score0.01153EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/05 4:15 p.m.13 views

CVE-2023-32615

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

6.5CVSS6.8AI score0.00727EPSS
Exploits0References2
CVE
CVE
added 2023/09/05 4:15 p.m.60 views

CVE-2023-34317

CVE-2023-34317 is an Open Automation Software OAS Platform vulnerability (v18.00.0072) in the OAS Engine User Creation flow caused by improper input validation. Talos reports that when adding a user, the engine does not filter the username, allowing a wide range of characters to be stored in the ...

6.5CVSS7.7AI score0.00758EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/09/05 4:15 p.m.24 views

CVE-2023-32615

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

6.5CVSS8.2AI score0.00727EPSS
Exploits0References2
CVE
CVE
added 2023/09/05 4:15 p.m.43 views

CVE-2023-32271

CVE-2023-32271 affects Open Automation Software OAS Platform OAS Engine configuration management (v18.00.0072). Cisco Talos TALOS-2023-1774 documents an information-disclosure vulnerability exploitable via crafted network requests, enabling leakage of sensitive data. The CVSSv3.1 base score is 6....

6.5CVSS7.4AI score0.00871EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/09/05 4:15 p.m.43 views

CVE-2023-34994

An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of...

3.1CVSS4.9AI score0.00652EPSS
Exploits1References2
CVE
CVE
added 2023/09/05 4:15 p.m.55 views

CVE-2023-34994

Open Automation Software OAS Platform v18.00.0072 contains an improper resource allocation vulnerability in the OAS Engine configuration management functionality. Talos notes that an unauthenticated or low-privileged user can leverage the configuration tool (including a remote file browser that a...

4.3CVSS5.5AI score0.00652EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/09/05 4:15 p.m.53 views

CVE-2023-34353

CVE-2023-34353 affects Open Automation Software OAS Platform OAS Engine authentication functionality (v18.00.0072). Talos details describe an authentication bypass enabling information disclosure by sniffing network traffic to decrypt sensitive data, with the vulnerability tied to how credentials...

7.5CVSS8.1AI score0.01038EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/09/05 4:15 p.m.51 views

CVE-2023-35124

Open Automation Software OAS Platform v18.00.0072 is affected by CVE-2023-35124 in the Engine configuration management functionality. A specially crafted sequence of network requests can disclose sensitive information stored by the OAS Platform. Talos’ vulnerability report confirms the vulnerabil...

4.3CVSS5.1AI score0.00541EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder