The vulnerability of the SecureTransferFiles function in the kernel of the software package for working with data from IoT devices allows a hacker to execute arbitrary code.

The vulnerability of the SecureTransferFiles function in the kernel of the software package for working with data from IoT devices is related to the lack of authentication for the critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVE-2022-26082

A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVE-2022-26067

An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this...

Information disclosure

An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this...

CVE-2022-26082

Open Automation Software OAS Platform vulnerable in the Engine SecureTransferFiles function (OAS Platform v16.00.0112). The root cause is missing authentication for a critical function (CWE-306), allowing a remote attacker to upload arbitrary files via a crafted sequence of network messages, lead...

CVE-2022-26067

An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this...

CVE-2022-26067

CVE-2022-26067 affects Open Automation Software OAS Platform (OAS Engine SecureTransferFiles) version 16.00.0112. A crafted sequence of network requests can read arbitrary files, enabled by a missing authentication for a critical function (CWE-306). Reported CVSSv3 base score 4.9 (in TALOS) up to...

Open Automation Software Platform Engine cleartext transmission of sensitive information vulnerability

Summary A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can...

Open Automation Software Platform Engine SecureTransferFiles information disclosure vulnerability

Summary An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger...

Open Automation Software Platform Engine SecureTransferFiles file write vulnerability

Summary A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...