2 matches found
CVE-2022-26067
An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this...
CVE-2022-26067
CVE-2022-26067 affects Open Automation Software OAS Platform (OAS Engine SecureTransferFiles) version 16.00.0112. A crafted sequence of network requests can read arbitrary files, enabled by a missing authentication for a critical function (CWE-306). Reported CVSSv3 base score 4.9 (in TALOS) up to...