cvebase

Open Automation Software OAS Platform vulnerabilities

20 known vulnerabilities affecting open_automation_software/oas_platform.

Total CVEs: 20
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 9, MEDIUM 8

Vulnerabilities

CVE-2022-26833 | P1 | CRITICAL | CVSS 9.4 | Exploited | PoC | Version V16.00.0121 | 2022-05-25
CWE-306: An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.
Source: nvd

CVE-2022-26082 | P2 | CRITICAL | CVSS 9.8 | Version V16.00.0112 | 2022-05-25
CWE-306: A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd

CVE-2023-31242 | P2 | CRITICAL | CVSS 9.8 | Version v18.00.0072 | 2023-09-05
CWE-284: An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd

CVE-2023-34998 | P3 | HIGH | CVSS 8.1 | Version v18.00.0072 | 2023-09-05
CWE-319: An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability.
Source: nvd

CVE-2023-32615 | P3 | HIGH | CVSS 8.1 | Version v18.00.0072 | 2023-09-05
CWE-73: A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd

CVE-2022-26303 | P3 | HIGH | CVSS 7.5 | Version V16.00.0112 | 2022-05-25
CWE-306: An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd

CVE-2022-26043 | P3 | HIGH | CVSS 7.5 | Version V16.00.0112 | 2022-05-25
CWE-306: An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd

CVE-2023-34353 | P3 | HIGH | CVSS 7.5 | Version v18.00.0072 | 2023-09-05
CWE-330: An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
Source: nvd

CVE-2022-26067 | P3 | HIGH | CVSS 7.5 | Version V16.00.0112 | 2022-05-25
CWE-306: An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd

CVE-2022-27169 | P3 | HIGH | CVSS 7.5 | Version V16.00.0112 | 2022-05-25
CWE-306: An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.
Source: nvd

CVE-2022-26077 | P3 | HIGH | CVSS 7.5 | Version V16.00.0112 | 2022-05-25
CWE-319: A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
Source: nvd

CVE-2022-26026 | P3 | HIGH | CVSS 7.5 | Version V16.00.0112 | 2022-05-25
CWE-306: A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability.
Source: nvd

CVE-2023-34317 | P3 | MEDIUM | CVSS 6.5 | Version v18.00.0072 | 2023-09-05
CWE-20: An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd

CVE-2023-32271 | P3 | MEDIUM | CVSS 6.5 | Version v18.00.0072 | 2023-09-05
CWE-200: An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd

CVE-2024-21870 | P4 | MEDIUM | CVSS 4.9 | Version V19.00.0057 | 2024-04-03
CWE-73: A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd

CVE-2024-22178 | P4 | MEDIUM | CVSS 4.9 | Version V19.00.0057 | 2024-04-03
CWE-73: A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd

CVE-2024-27201 | P4 | MEDIUM | CVSS 4.9 | Version V19.00.0057 | 2024-04-03
CWE-20: An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd

CVE-2023-34994 | P4 | MEDIUM | CVSS 4.3 | Version v18.00.0072 | 2023-09-05
CWE-770: An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd

CVE-2024-24976 | P4 | MEDIUM | CVSS 4.9 | Version V19.00.0057 | 2024-04-03
CWE-130: A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd

CVE-2023-35124 | P4 | MEDIUM | CVSS 4.3 | Version v18.00.0072 | 2023-09-05
CWE-209: An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd