Lucene search
+L
OpenautomationsoftwareOas Platform

16 matches found

cve
cve
added 2022/05/25 8:15 p.m.705 views

CVE-2022-26833

The CVE-2022-26833 issue affects Open Automation Software OAS Platform V16.00.0121. A vulnerability in the REST API allows unauthenticated use via a crafted sequence of HTTP requests, stemming from improper authentication. Consequences cited in the sources include unauthenticated access to the RE...

9.4CVSS9.3AI score0.37606EPSS
In wild
cve
cve
added 2022/05/25 8:15 p.m.99 views

CVE-2022-26082

Open Automation Software OAS Platform vulnerable in the Engine SecureTransferFiles function (OAS Platform v16.00.0112). The root cause is missing authentication for a critical function (CWE-306), allowing a remote attacker to upload arbitrary files via a crafted sequence of network messages, lead...

9.8CVSS9.7AI score0.18607EPSS
cve
cve
added 2022/05/25 8:15 p.m.90 views

CVE-2022-26043

CVE-2022-26043 affects Open Automation Software OAS Platform 16.00.0112, specifically the OAS Engine SecureAddSecurity function. TALOS details an external config control vulnerability where unauthenticated config messages can create a custom Security Group, enabling file-transfer permissions and ...

7.5CVSS7.5AI score0.01208EPSS
cve
cve
added 2022/05/25 8:15 p.m.86 views

CVE-2022-26077

Open Automation Software OAS Platform V16.00.0112 is affected by CVE-2022-26077 via the OAS Engine configuration communications, where cleartext transmission allows network sniffing to disclose sensitive information. The root cause is unencrypted configuration traffic over the OAS Engine, enablin...

7.5CVSS7.3AI score0.01093EPSS
cve
cve
added 2022/05/25 8:15 p.m.84 views

CVE-2022-26067

CVE-2022-26067 affects Open Automation Software OAS Platform (OAS Engine SecureTransferFiles) version 16.00.0112. A crafted sequence of network requests can read arbitrary files, enabled by a missing authentication for a critical function (CWE-306). Reported CVSSv3 base score 4.9 (in TALOS) up to...

7.5CVSS7.2AI score0.01221EPSS
cve
cve
added 2022/05/25 8:15 p.m.83 views

CVE-2022-26026

CVE-2022-26026 describes a denial-of-service in Open Automation Software OAS Platform V16.00.0112, specifically in the OAS Engine SecureConfigValues functionality. A specially crafted unauthenticated network message can trigger a change to the TCP configuration port, potentially causing the platf...

7.5CVSS7.4AI score0.0114EPSS
cve
cve
added 2022/05/25 8:15 p.m.83 views

CVE-2022-27169

CVE-2022-27169 : The TALOS vulnerability report confirms an information disclosure in Open Automation Software OAS Platform (V16.00.0112) via the OAS Engine SecureBrowseFile function. An unauthenticated, network-directed configuration message to TCP/58727 can trigger a directory listing and expos...

7.5CVSS7.2AI score0.01641EPSS
cve
cve
added 2022/05/25 8:15 p.m.75 views

CVE-2022-26303

Open Automation Software OAS Platform V16.00.0112 contains an external config control vulnerability in the OAS Engine SecureAddUser function. The issue allows unauthenticated network requests to create new OAS user accounts, via a sequence targeting TCP/58727, with a resulting account validated b...

7.5CVSS7.5AI score0.01208EPSS
cve
cve
added 2023/09/05 4:15 p.m.62 views

CVE-2023-34317

CVE-2023-34317 is an Open Automation Software OAS Platform vulnerability (v18.00.0072) in the OAS Engine User Creation flow caused by improper input validation. Talos reports that when adding a user, the engine does not filter the username, allowing a wide range of characters to be stored in the ...

6.5CVSS7.7AI score0.00758EPSS
cve
cve
added 2023/09/05 4:15 p.m.56 views

CVE-2023-34994

Open Automation Software OAS Platform v18.00.0072 contains an improper resource allocation vulnerability in the OAS Engine configuration management functionality. Talos notes that an unauthenticated or low-privileged user can leverage the configuration tool (including a remote file browser that a...

4.3CVSS5.5AI score0.00652EPSS
cve
cve
added 2023/09/05 4:15 p.m.54 views

CVE-2023-32615

CVE-2023-32615 affects Open Automation Software OAS Platform v18.00.0072; TALOS detailed a file write vulnerability in the OAS Engine configuration tool that saves the running configuration to disk. When a file path is chosen, if the target exists its contents can be replaced, enabling arbitrary ...

8.1CVSS8.8AI score0.00727EPSS
cve
cve
added 2023/09/05 4:15 p.m.53 views

CVE-2023-34353

CVE-2023-34353 affects Open Automation Software OAS Platform OAS Engine authentication functionality (v18.00.0072). Talos details describe an authentication bypass enabling information disclosure by sniffing network traffic to decrypt sensitive data, with the vulnerability tied to how credentials...

7.5CVSS8.1AI score0.01038EPSS
cve
cve
added 2023/09/05 4:15 p.m.52 views

CVE-2023-35124

Open Automation Software OAS Platform v18.00.0072 is affected by CVE-2023-35124 in the Engine configuration management functionality. A specially crafted sequence of network requests can disclose sensitive information stored by the OAS Platform. Talos’ vulnerability report confirms the vulnerabil...

4.3CVSS5.1AI score0.00541EPSS
cve
cve
added 2023/09/05 4:15 p.m.44 views

CVE-2023-31242

CVE-2023-31242 affects Open Automation Software OAS Platform (OAS Platform) with the engine vulnerability in version 18.00.0072. Talos reports an authentication bypass in the OAS Engine, caused by default configurations allowing unauthenticated access (no admin user by default) and by flawed hand...

9.8CVSS9.5AI score0.03356EPSS
cve
cve
added 2023/09/05 4:15 p.m.44 views

CVE-2023-34998

CVE-2023-34998 : Open Automation Software OAS Platform v18.00.0072 OAS Engine contains an authentication bypass. An attacker who can sniff traffic can capture a valid U_EP credential and craft privileged requests, bypassing authentication. The vulnerability enables access via unencrypted admin tr...

8.1CVSS9AI score0.01153EPSS
cve
cve
added 2023/09/05 4:15 p.m.43 views

CVE-2023-32271

CVE-2023-32271 affects Open Automation Software OAS Platform OAS Engine configuration management (v18.00.0072). Cisco Talos TALOS-2023-1774 documents an information-disclosure vulnerability exploitable via crafted network requests, enabling leakage of sensitive data. The CVSSv3.1 base score is 6....

6.5CVSS7.4AI score0.00871EPSS