CVE-2024-11220 – Open Automation Software Incorrect Execution-Assigned Permissions
https://notcve.org/view.php?id=CVE-2024-11220
06 Dec 2024 — A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation. • https://openautomationsoftware.com/downloads • CWE-279: Incorrect Execution-Assigned Permissions
CVE-2024-22178
https://notcve.org/view.php?id=CVE-2024-22178
03 Apr 2024 — A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1951 • CWE-73: External Control of File Name or Path
CVE-2023-31242
https://notcve.org/view.php?id=CVE-2023-31242
05 Sep 2023 — An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769 • CWE-284: Improper Access Control • CWE-287: Improper Authentication
CVE-2023-34998
https://notcve.org/view.php?id=CVE-2023-34998
05 Sep 2023 — An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770 • CWE-287: Improper Authentication • CWE-319: Cleartext Transmission of Sensitive Information
CVE-2023-32615
https://notcve.org/view.php?id=CVE-2023-32615
05 Sep 2023 — A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771 • CWE-73: External Control of File Name or Path • CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2023-34317
https://notcve.org/view.php?id=CVE-2023-34317
05 Sep 2023 — An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772 • CWE-20: Improper Input Validation
CVE-2023-34994
https://notcve.org/view.php?id=CVE-2023-34994
05 Sep 2023 — An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773 • CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2023-32271
https://notcve.org/view.php?id=CVE-2023-32271
05 Sep 2023 — An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-35124
https://notcve.org/view.php?id=CVE-2023-35124
05 Sep 2023 — An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775 • CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2023-34353
https://notcve.org/view.php?id=CVE-2023-34353
05 Sep 2023 — An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776 • CWE-330: Use of Insufficiently Random Values