5 matches found
CVE-2024-24976
CVE-2024-24976 affects Open Automation Software OAS Platform, specifically the OAS Engine File Data Source Configuration in v19.00.0057. Talos reports a denial-of-service condition caused by improper handling of a File Data Source Path, where a crafted sequence of network requests can trigger an ...
CVE-2024-21870
CVE-2024-21870 affects Open Automation Software OAS Platform V19.00.0057. Talos reports a file write vulnerability in the OAS Engine Tags Configuration: a sequence of authenticated requests can create or overwrite arbitrary files via the File Data Source/Tag configuration path, potentially leadin...
CVE-2024-27201
Open Automation Software OAS Platform, version V19.00.0057, contains CVE-2024-27201: an improper input validation in the OAS Engine User Configuration allows a sequence of network requests to cause unexpected data in the configuration (e.g., decoy usernames with unusual characters). Talos confirm...
CVE-2024-22178
Open Automation Software OAS Platform (V19.00.0057) has a file-write vulnerability in the OAS Engine Save Security Configuration feature. A crafted sequence of network requests can create or overwrite arbitrary files. TALOS confirms CVE-2024-22178 (CWE-73) affects OAS Platform V19.00.0057; impact...
CVE-2024-11220
CVE-2024-11220 affects Open Automation Software (OAS). A local, low-privilege user with credentials to the running OAS services can create and run an rdlx report file on the server , causing code in the rdlx to execute with SYSTEM privileges and perform privilege escalation. Reported impact align...