16 matches found
CVE-2022-26833
The CVE-2022-26833 issue affects Open Automation Software OAS Platform V16.00.0121. A vulnerability in the REST API allows unauthenticated use via a crafted sequence of HTTP requests, stemming from improper authentication. Consequences cited in the sources include unauthenticated access to the RE...
CVE-2022-26082
Open Automation Software OAS Platform vulnerable in the Engine SecureTransferFiles function (OAS Platform v16.00.0112). The root cause is missing authentication for a critical function (CWE-306), allowing a remote attacker to upload arbitrary files via a crafted sequence of network messages, lead...
CVE-2022-26043
CVE-2022-26043 affects Open Automation Software OAS Platform 16.00.0112, specifically the OAS Engine SecureAddSecurity function. TALOS details an external config control vulnerability where unauthenticated config messages can create a custom Security Group, enabling file-transfer permissions and ...
CVE-2022-26077
Open Automation Software OAS Platform V16.00.0112 is affected by CVE-2022-26077 via the OAS Engine configuration communications, where cleartext transmission allows network sniffing to disclose sensitive information. The root cause is unencrypted configuration traffic over the OAS Engine, enablin...
CVE-2022-26067
CVE-2022-26067 affects Open Automation Software OAS Platform (OAS Engine SecureTransferFiles) version 16.00.0112. A crafted sequence of network requests can read arbitrary files, enabled by a missing authentication for a critical function (CWE-306). Reported CVSSv3 base score 4.9 (in TALOS) up to...
CVE-2022-26026
CVE-2022-26026 describes a denial-of-service in Open Automation Software OAS Platform V16.00.0112, specifically in the OAS Engine SecureConfigValues functionality. A specially crafted unauthenticated network message can trigger a change to the TCP configuration port, potentially causing the platf...
CVE-2022-27169
CVE-2022-27169 : The TALOS vulnerability report confirms an information disclosure in Open Automation Software OAS Platform (V16.00.0112) via the OAS Engine SecureBrowseFile function. An unauthenticated, network-directed configuration message to TCP/58727 can trigger a directory listing and expos...
CVE-2022-26303
Open Automation Software OAS Platform V16.00.0112 contains an external config control vulnerability in the OAS Engine SecureAddUser function. The issue allows unauthenticated network requests to create new OAS user accounts, via a sequence targeting TCP/58727, with a resulting account validated b...
CVE-2023-34317
CVE-2023-34317 is an Open Automation Software OAS Platform vulnerability (v18.00.0072) in the OAS Engine User Creation flow caused by improper input validation. Talos reports that when adding a user, the engine does not filter the username, allowing a wide range of characters to be stored in the ...
CVE-2023-34994
Open Automation Software OAS Platform v18.00.0072 contains an improper resource allocation vulnerability in the OAS Engine configuration management functionality. Talos notes that an unauthenticated or low-privileged user can leverage the configuration tool (including a remote file browser that a...
CVE-2023-32615
CVE-2023-32615 affects Open Automation Software OAS Platform v18.00.0072; TALOS detailed a file write vulnerability in the OAS Engine configuration tool that saves the running configuration to disk. When a file path is chosen, if the target exists its contents can be replaced, enabling arbitrary ...
CVE-2023-34353
CVE-2023-34353 affects Open Automation Software OAS Platform OAS Engine authentication functionality (v18.00.0072). Talos details describe an authentication bypass enabling information disclosure by sniffing network traffic to decrypt sensitive data, with the vulnerability tied to how credentials...
CVE-2023-35124
Open Automation Software OAS Platform v18.00.0072 is affected by CVE-2023-35124 in the Engine configuration management functionality. A specially crafted sequence of network requests can disclose sensitive information stored by the OAS Platform. Talos’ vulnerability report confirms the vulnerabil...
CVE-2023-31242
CVE-2023-31242 affects Open Automation Software OAS Platform (OAS Platform) with the engine vulnerability in version 18.00.0072. Talos reports an authentication bypass in the OAS Engine, caused by default configurations allowing unauthenticated access (no admin user by default) and by flawed hand...
CVE-2023-34998
CVE-2023-34998 : Open Automation Software OAS Platform v18.00.0072 OAS Engine contains an authentication bypass. An attacker who can sniff traffic can capture a valid U_EP credential and craft privileged requests, bypassing authentication. The vulnerability enables access via unencrypted admin tr...
CVE-2023-32271
CVE-2023-32271 affects Open Automation Software OAS Platform OAS Engine configuration management (v18.00.0072). Cisco Talos TALOS-2023-1774 documents an information-disclosure vulnerability exploitable via crafted network requests, enabling leakage of sensitive data. The CVSSv3.1 base score is 6....