Vulnerabilities (CVE)

Filtered by vendor Openautomationsoftware Subscribe
Total 16 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-34317 1 Openautomationsoftware 1 Oas Platform 2024-02-28 N/A 6.5 MEDIUM
An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-32615 1 Openautomationsoftware 1 Oas Platform 2024-02-28 N/A 8.1 HIGH
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-34998 1 Openautomationsoftware 1 Oas Platform 2024-02-28 N/A 8.1 HIGH
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability.
CVE-2023-32271 1 Openautomationsoftware 1 Oas Platform 2024-02-28 N/A 6.5 MEDIUM
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-35124 1 Openautomationsoftware 1 Oas Platform 2024-02-28 N/A 4.3 MEDIUM
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-34994 1 Openautomationsoftware 1 Oas Platform 2024-02-28 N/A 4.3 MEDIUM
An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-34353 1 Openautomationsoftware 1 Oas Platform 2024-02-28 N/A 7.5 HIGH
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
CVE-2023-31242 1 Openautomationsoftware 1 Oas Platform 2024-02-28 N/A 9.8 CRITICAL
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26082 1 Openautomationsoftware 1 Oas Platform 2024-02-28 7.5 HIGH 9.8 CRITICAL
A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-27169 1 Openautomationsoftware 1 Oas Platform 2024-02-28 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.
CVE-2022-26303 1 Openautomationsoftware 1 Oas Platform 2024-02-28 5.0 MEDIUM 7.5 HIGH
An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26026 1 Openautomationsoftware 1 Oas Platform 2024-02-28 5.0 MEDIUM 7.5 HIGH
A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability.
CVE-2022-26077 1 Openautomationsoftware 1 Oas Platform 2024-02-28 5.0 MEDIUM 7.5 HIGH
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
CVE-2022-26833 1 Openautomationsoftware 1 Oas Platform 2024-02-28 7.5 HIGH 9.4 CRITICAL
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.
CVE-2022-26043 1 Openautomationsoftware 1 Oas Platform 2024-02-28 5.0 MEDIUM 7.5 HIGH
An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26067 1 Openautomationsoftware 1 Oas Platform 2024-02-28 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability.