Oas Platform Security Vulnerabilities and Issues — Oas Platform CVE List

Lucene search

OpenautomationsoftwareOas Platform

16 matches found

CVE•added 2022/05/25 9:15 p.m.•683 views

CVE-2022-26833

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerabili...

9.4CVSS9.3AI score0.8809EPSS

In wild

CVE•added 2022/05/25 9:15 p.m.•87 views

CVE-2022-26082

A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.

9.8CVSS9.7AI score0.02703EPSS

CVE•added 2022/05/25 9:15 p.m.•76 views

CVE-2022-26043

An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to ...

7.5CVSS7.5AI score0.00254EPSS

CVE•added 2022/05/25 9:15 p.m.•75 views

CVE-2022-27169

An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnera...

7.5CVSS7.2AI score0.00565EPSS

CVE•added 2022/05/25 9:15 p.m.•73 views

CVE-2022-26077

A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff netwo...

7.5CVSS7.3AI score0.00148EPSS

CVE•added 2022/05/25 9:15 p.m.•71 views

CVE-2022-26026

A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability.

7.5CVSS7.4AI score0.00378EPSS

CVE•added 2022/05/25 9:15 p.m.•70 views

CVE-2022-26067

An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulner...

7.5CVSS7.2AI score0.00224EPSS

CVE•added 2022/05/25 9:15 p.m.•61 views

CVE-2022-26303

An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger ...

7.5CVSS7.5AI score0.00268EPSS

CVE•added 2023/09/05 5:15 p.m.•46 views

CVE-2023-34317

An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigg...

6.5CVSS7.7AI score0.00074EPSS

CVE•added 2023/09/05 5:15 p.m.•42 views

CVE-2023-32615

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerab...

8.1CVSS8.8AI score0.00056EPSS

CVE•added 2023/09/05 5:15 p.m.•41 views

CVE-2023-34353

An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerabilit...

7.5CVSS8.1AI score0.00047EPSS

CVE•added 2023/09/05 5:15 p.m.•41 views

CVE-2023-34994

An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of reque...

4.3CVSS5.5AI score0.00056EPSS

CVE•added 2023/09/05 5:15 p.m.•39 views

CVE-2023-35124

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests...

4.3CVSS5.1AI score0.00093EPSS

CVE•added 2023/09/05 5:15 p.m.•35 views

CVE-2023-34998

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability.

8.1CVSS9AI score0.00009EPSS

CVE•added 2023/09/05 5:15 p.m.•34 views

CVE-2023-31242

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.

9.8CVSS9.5AI score0.00019EPSS

CVE•added 2023/09/05 5:15 p.m.•31 views

CVE-2023-32271

6.5CVSS7.4AI score0.00103EPSS