CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-31242
https://notcve.org/view.php?id=CVE-2023-31242
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability. Existe una vulnerabilidad de omisión de autenticación en la funcionalidad del motor OAS de Open Automation Software OAS Platform v18.00.0072. Una serie de solicitudes de red especialmente diseñadas pueden conducir a una autenticación arbitraria. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1769 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34998
https://notcve.org/view.php?id=CVE-2023-34998
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability. Existe una vulnerabilidad de omisión de autenticación en la funcionalidad del motor OAS de Open Automation Software OAS Platform v18.00.0072. Una serie de solicitudes de red especialmente diseñadas pueden dar lugar a una autenticación arbitraria. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1770 • CWE-287: Improper Authentication CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32615
https://notcve.org/view.php?id=CVE-2023-32615
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability. Existe una vulnerabilidad de escritura de archivos en la funcionalidad de configuración del motor OAS de Open Automation Software OAS Platform v18.00.0072. Una serie de solicitudes de red especialmente diseñadas pueden provocar la creación o sobrescritura de archivos arbitrarios. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-34317
https://notcve.org/view.php?id=CVE-2023-34317
An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability. Existe una vulnerabilidad de validación de entrada inadecuada en la funcionalidad OAS Engine User Creation de Open Automation Software OAS Platform v18.00.0072. Una serie de solicitudes de red especialmente manipuladas puede generar datos inesperados en la configuración. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2023-34994
https://notcve.org/view.php?id=CVE-2023-34994
An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability. Existe una vulnerabilidad de asignación inadecuada de recursos en la funcionalidad de gestión de configuración OAS Engine de Open Automation Software OAS Platform v18.00.0072. Una serie de peticiones de red especialmente manipuladas puede conducir a la creación de un directorio arbitrario. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1773 • CWE-770: Allocation of Resources Without Limits or Throttling •