CVE-2023-32615
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.
Existe una vulnerabilidad de escritura de archivos en la funcionalidad de configuración del motor OAS de Open Automation Software OAS Platform v18.00.0072. Una serie de solicitudes de red especialmente diseñadas pueden provocar la creación o sobrescritura de archivos arbitrarios. Un atacante puede enviar una secuencia de solicitudes para desencadenar esta vulnerabilidad.
*Credits:
Discovered by a member of Cisco Talos.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-13 CVE Reserved
- 2023-09-05 CVE Published
- 2024-09-11 EPSS Updated
- 2024-09-26 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-73: External Control of File Name or Path
- CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771 | Third Party Advisory | |
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openautomationsoftware Search vendor "Openautomationsoftware" | Oas Platform Search vendor "Openautomationsoftware" for product "Oas Platform" | 18.00.0072 Search vendor "Openautomationsoftware" for product "Oas Platform" and version "18.00.0072" | - |
Affected
| ||||||