CVE-2022-26833
Published: 2022-05-25
Priority: P1 · 88 · critical · 9.4 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
ITW exploit · VulnCheck KEV
Exploited in the wild
EPSS: 37.61% (98.3th percentile)
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open_automation_software | oas_platform | — | — |
| openautomationsoftware | oas_platform | — | — |
Detection & IOCs

Request used by the public check:

```http
POST /OASREST/v2/authenticate HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Type: application/json

{"username": "", "password": ""}
```

- Detect the unauthenticated REST API authentication bypass by looking for POST requests to /OASREST/v2/authenticate with empty username and password credentials that return HTTP 200 with a valid token and clientid in the JSON response body.
- A successful exploit response contains all four fields in the JSON body: 'status', 'data', 'token' and 'clientid', with a Content-Type: application/json header and HTTP 200 status.
- The exploit payload is an empty username and password JSON body, {"username": "", "password": ""}, sent to the OAS Platform REST API endpoint.
- The vulnerability specifically affects OAS Platform version V16.00.0121; the CPE references build 16.00.0112, indicating that the affected range may span multiple minor builds.
- The vulnerability requires a specially-crafted *series* of HTTP requests, not necessarily a single request, to trigger unauthenticated REST API access.
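To make the detection guidance above concrete, here is an added example (not part of the CVE record, the Nuclei template or any vendor tooling) that applies it to a constructed set of HTTP exchanges in an assumed log layout: a POST to /OASREST/v2/authenticate with empty credentials that is answered with HTTP 200 and all four of status, data, token and clientid is reported as a successful bypass, and the same request that is refused is reported as an attempt, which goes slightly beyond the record's success-only rule.

```python
import json

# Constructed sample exchanges in an assumed log layout (one dict per
# request/response pair); not a real OAS Platform or proxy log format.
SAMPLE_EXCHANGES = [
    {"method": "POST", "path": "/OASREST/v2/authenticate", "status": 200,
     "request_body": '{"username": "", "password": ""}', "content_type": "application/json",
     "response_body": '{"status": "OK", "data": "", "token": "t0k3n", "clientid": "42"}'},
    {"method": "POST", "path": "/OASREST/v2/authenticate", "status": 200,
     "request_body": '{"username": "operator", "password": "hunter2"}', "content_type": "application/json",
     "response_body": '{"status": "OK", "data": "", "token": "t0k3n", "clientid": "43"}'},
    {"method": "POST", "path": "/OASREST/v2/authenticate", "status": 401,
     "request_body": '{"username": "", "password": ""}', "content_type": "application/json",
     "response_body": '{"status": "ERROR", "data": "bad credentials"}'},
    {"method": "POST", "path": "/OASREST/v2/authenticate", "status": 400,
     "request_body": "not json", "content_type": "text/plain", "response_body": ""},
]
AUTH_PATH = "/OASREST/v2/authenticate"
SUCCESS_FIELDS = {"status", "data", "token", "clientid"}  # named in the CVE record

def _json_object(text):
    # Parse a JSON object body; anything else (non-JSON, arrays, None) yields None.
    try:
        obj = json.loads(text)
    except (TypeError, ValueError):
        return None
    return obj if isinstance(obj, dict) else None

def classify(exchange):
    # Return 'bypass', 'attempt' or None for one request/response pair.
    if exchange.get("method") != "POST" or exchange.get("path") != AUTH_PATH:
        return None
    req = _json_object(exchange.get("request_body"))
    if req is None:
        return None
    # Only an empty (or whitespace-only / absent) username AND password match.
    if str(req.get("username", "")).strip() or str(req.get("password", "")).strip():
        return None
    resp = _json_object(exchange.get("response_body"))
    token_issued = (exchange.get("status") == 200 and resp is not None
                    and str(exchange.get("content_type", "")).startswith("application/json")
                    and SUCCESS_FIELDS.issubset(resp))
    return "bypass" if token_issued else "attempt"

def detect(exchanges):
    # (index, verdict) for every exchange matching the empty-credential pattern.
    return [(i, v) for i, e in enumerate(exchanges) if (v := classify(e))]
```

Running `detect(SAMPLE_EXCHANGES)` flags the first exchange as a bypass and the third as an attempt; the normal login and the malformed request are ignored.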
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.4 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.4 | CRITICAL | — |
GHSA
GHSA-q479-f3r3-9xq7 · ghsa_unreviewed · 2022-05-26 · CVE-2022-26833 [CRITICAL] · CWE-306
VulnCheck
openautomationsoftware oas_platform Missing Authentication for Critical Function
vulncheck · 2022 · CVSS 9.4 · CVE-2022-26833 [CRITICAL]
Affected: openautomationsoftware oas_platform
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2022-26833; https://dashboard.shadowserver.org/statistics/honeyp
No detection rules found.
Nuclei
Open Automation Software OAS Platform V16.00.0121 - Missing Authentication
nuclei · CVSS 9.4 · CVE-2022-26833 [CRITICAL]
Template:

```yaml
id: CVE-2022-26833

info:
  name: Open Automation Software OAS Platform V16.00.0121 - Missing Authentication
  author: true13
  severity: critical
  description: |
    An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.
```
Checkpoint
30th May – Threat Intelligence Report
blogs_checkpoint · 2022-05-30 · CVE-2022-26833
## 30th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 30th May, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Check Point Research reported how the Conti ransom group has taken cybercrime to a new, geopolitical level. They intervened in the internal politics of Costa Rica and in the relationship between Costa Rica and the US, and basically moved ransomware gangs to a new business stage of country extortion.
Check Point Harmony Endpoint and
Talos
Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service
blogs_talos · 2022-05-25 · CVSS 7.5 · [HIGH]
Jared Rittle of Cisco Talos discovered these vulnerabilities.
Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into the targeted device and causing a denial of service.
The OAS Platform facilitates the simplified data transfer between various proprietary devices and applications, including software and hardware.
The most serious of these issues is TALOS-2022-1493 (CVE-2022-26082), which an attacker could exploit to gain the ability to execute arbitrary code on the targeted machine. This issue has a severity score of 9.1 out of a possible 10. Another vulnerability, TALOS-2022-1513 (CVE-2022-26833) has a 9.4 severity score and could l
Greynoiseio
NoiseLetter March 2025
blogs_greynoiseio