CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27169
https://notcve.org/view.php?id=CVE-2022-27169
25 May 2022 — An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability. Se presenta una vulnerabilidad de divulgación de información en la funcionalidad OAS Engine SecureBrowseFile de Open Automation Software OAS Platform versión V16.00.0112. Una petición de red especialmente ... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1494 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.4EPSS: 1%CPEs: 1EXPL: 1CVE-2022-26833
https://notcve.org/view.php?id=CVE-2022-26833
25 May 2022 — An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability. Se presenta una vulnerabilidad de autenticación inapropiada en la funcionalidad de la API REST de Open Automation Software OAS Platform versión V16.00.0121. Una serie de peticiones HTTP especialmente diseñadas... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1513 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26303
https://notcve.org/view.php?id=CVE-2022-26303
25 May 2022 — An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability. Se presenta una vulnerabilidad de control de configuración externa en la funcionalidad OAS Engine SecureAddUser de Open Automation Software OAS Platform versión V16.00.0112. Una serie de petici... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1488 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26082
https://notcve.org/view.php?id=CVE-2022-26082
25 May 2022 — A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Se presenta una vulnerabilidad de escritura de archivos en la funcionalidad OAS Engine SecureTransferFiles de Open Automation Software OAS Platform versión V16.00.0112. Una serie de peticiones de red especialmente d... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1493 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26077
https://notcve.org/view.php?id=CVE-2022-26077
25 May 2022 — A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. Se presenta una vulnerabilidad de transmisión de texto sin cifrar de información confidencial en la funcionalidad OAS Engine configuration communications de Open Automatio... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1490 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26067
https://notcve.org/view.php?id=CVE-2022-26067
25 May 2022 — An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability. Se presenta una vulnerabilidad de divulgación de información en la funcionalidad OAS Engine SecureTransferFiles de Open Automation Software OAS Platform versión V16.00.0112. Una serie de peticiones de red... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1492 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26043
https://notcve.org/view.php?id=CVE-2022-26043
25 May 2022 — An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability. Se presenta una vulnerabilidad de control de configuración externa en la funcionalidad SecureAddSecurity del motor OAS de Open Automation Software OAS Platform versión V16.00.0112. Una ... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1489 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26026
https://notcve.org/view.php?id=CVE-2022-26026
25 May 2022 — A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio en la funcionalidad OAS Engine SecureConfigValues de Open Automation Software OAS Platform versión V16.00.0112. Una petición de red especialmente diseñada puede conlle... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1491 • CWE-306: Missing Authentication for Critical Function •