CVE-2023-34994
published 2023-09-05
Priority P426 · medium · 4.3 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS 0.65% (46.6th percentile)
An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open_automation_software | oas_platform | — | — |
| openautomationsoftware | oas_platform | — | — |
No detection rules found.
No public exploits indexed.
Talos
Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication
blogs_talos·2023-09-06·CVSS 8.1
[HIGH] Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication
## Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication
Cisco Talos recently disclosed eight vulnerabilities in the engine configuration functionality in Open Automation’s Software Platform.
OAS Platform is commonly found in industrial operations and enterprise environments. It allows various devices, including PLCs, servers, files, databases and internet-of-things platforms to communicate with one another and share data when they otherwise would be unable to because of their various protocols.
The vulnerabilities Talos disclosed on Sept. 5 all exist inside the OAS Platform’s Engine configuration management functionality. Through the configuration tool, users can load or save a set of configurations to a disk and install it on other devices.
TALOS-2023-1775 (CVE-2023-35124), TALOS-2023-1776 (CVE-2023-34353) and TALOS-2023-1774 (CVE-2023-3227
2023-09-05
Published