CVE-2023-32271
 
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
Existe una vulnerabilidad de divulgación de información en la funcionalidad de gestión de configuración de OAS Engine de Open Automation Software OAS Platform v18.00.0072. Una serie de peticiones de red especialmente manipuladas puede conducir a la divulgación de información sensible. Un atacante puede enviar una secuencia de peticiones para activar esta vulnerabilidad.
*Credits:
Discovered by a member of Cisco Talos.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-13 CVE Reserved
- 2023-09-05 CVE Published
- 2024-09-26 CVE Updated
- 2024-09-26 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774 | 2024-09-26 | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774 | 2024-09-26 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openautomationsoftware Search vendor "Openautomationsoftware" | Oas Platform Search vendor "Openautomationsoftware" for product "Oas Platform" | 18.00.0072 Search vendor "Openautomationsoftware" for product "Oas Platform" and version "18.00.0072" | - |
Affected
|