Search criteria
48 vulnerabilities found for oas_platform by openautomationsoftware
FKIE_CVE-2023-34994
Vulnerability from fkie_nvd - Published: 2023-09-05 17:15 - Updated: 2024-11-21 08:07
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773 | Exploit, Technical Description, Third Party Advisory | |
| talos-cna@cisco.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1773 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1773 | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openautomationsoftware | oas_platform | 18.00.0072 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*",
"matchCriteriaId": "42650183-88E5-4F14-A46F-A6215E98B081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de asignaci\u00f3n inadecuada de recursos en la funcionalidad de gesti\u00f3n de configuraci\u00f3n OAS Engine de Open Automation Software OAS Platform v18.00.0072. Una serie de peticiones de red especialmente manipuladas puede conducir a la creaci\u00f3n de un directorio arbitrario. Un atacante puede enviar una secuencia de peticiones para activar esta vulnerabilidad. "
}
],
"id": "CVE-2023-34994",
"lastModified": "2024-11-21T08:07:47.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-05T17:15:09.053",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1773"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "talos-cna@cisco.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-34998
Vulnerability from fkie_nvd - Published: 2023-09-05 17:15 - Updated: 2024-11-21 08:07
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openautomationsoftware | oas_platform | 18.00.0072 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*",
"matchCriteriaId": "42650183-88E5-4F14-A46F-A6215E98B081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en la funcionalidad del motor OAS de Open Automation Software OAS Platform v18.00.0072. Una serie de solicitudes de red especialmente dise\u00f1adas pueden dar lugar a una autenticaci\u00f3n arbitraria. Un atacante puede rastrear el tr\u00e1fico de la red para desencadenar esta vulnerabilidad."
}
],
"id": "CVE-2023-34998",
"lastModified": "2024-11-21T08:07:48.073",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-05T17:15:09.153",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1770"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-35124
Vulnerability from fkie_nvd - Published: 2023-09-05 17:15 - Updated: 2024-11-21 08:07
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775 | Exploit, Technical Description, Third Party Advisory | |
| talos-cna@cisco.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1775 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1775 | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openautomationsoftware | oas_platform | 18.00.0072 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*",
"matchCriteriaId": "42650183-88E5-4F14-A46F-A6215E98B081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad de gesti\u00f3n de configuraci\u00f3n del motor OAS de Open Automation Software OAS Platform v18.00.0072. Una serie de solicitudes de red especialmente manipuladas pueden dar lugar a la divulgaci\u00f3n de informaci\u00f3n sensible. Un atacante puede enviar una secuencia de solicitudes para desencadenar esta vulnerabilidad."
}
],
"id": "CVE-2023-35124",
"lastModified": "2024-11-21T08:07:59.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-05T17:15:09.237",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1775"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "talos-cna@cisco.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31242
Vulnerability from fkie_nvd - Published: 2023-09-05 17:15 - Updated: 2024-11-21 08:01
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769 | Exploit, Technical Description, Third Party Advisory | |
| talos-cna@cisco.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1769 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1769 | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openautomationsoftware | oas_platform | 18.00.0072 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*",
"matchCriteriaId": "42650183-88E5-4F14-A46F-A6215E98B081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en la funcionalidad del motor OAS de Open Automation Software OAS Platform v18.00.0072. Una serie de solicitudes de red especialmente dise\u00f1adas pueden conducir a una autenticaci\u00f3n arbitraria. Un atacante puede enviar una secuencia de solicitudes para desencadenar esta vulnerabilidad."
}
],
"id": "CVE-2023-31242",
"lastModified": "2024-11-21T08:01:41.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-05T17:15:08.517",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1769"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-32615
Vulnerability from fkie_nvd - Published: 2023-09-05 17:15 - Updated: 2024-11-21 08:03
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openautomationsoftware | oas_platform | 18.00.0072 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*",
"matchCriteriaId": "42650183-88E5-4F14-A46F-A6215E98B081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escritura de archivos en la funcionalidad de configuraci\u00f3n del motor OAS de Open Automation Software OAS Platform v18.00.0072. Una serie de solicitudes de red especialmente dise\u00f1adas pueden provocar la creaci\u00f3n o sobrescritura de archivos arbitrarios. Un atacante puede enviar una secuencia de solicitudes para desencadenar esta vulnerabilidad."
}
],
"id": "CVE-2023-32615",
"lastModified": "2024-11-21T08:03:42.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-05T17:15:08.777",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-610"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-34317
Vulnerability from fkie_nvd - Published: 2023-09-05 17:15 - Updated: 2024-11-21 08:06
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772 | Exploit, Technical Description, Third Party Advisory | |
| talos-cna@cisco.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772 | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openautomationsoftware | oas_platform | 18.00.0072 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*",
"matchCriteriaId": "42650183-88E5-4F14-A46F-A6215E98B081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de validaci\u00f3n de entrada inadecuada en la funcionalidad OAS Engine User Creation de Open Automation Software OAS Platform v18.00.0072. Una serie de solicitudes de red especialmente manipuladas puede generar datos inesperados en la configuraci\u00f3n. Un atacante puede enviar una secuencia de peticiones para activar esta vulnerabilidad. "
}
],
"id": "CVE-2023-34317",
"lastModified": "2024-11-21T08:06:59.937",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-05T17:15:08.877",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "talos-cna@cisco.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-34353
Vulnerability from fkie_nvd - Published: 2023-09-05 17:15 - Updated: 2024-11-21 08:07
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776 | Exploit, Technical Description, Third Party Advisory | |
| talos-cna@cisco.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1776 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1776 | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openautomationsoftware | oas_platform | 18.00.0072 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*",
"matchCriteriaId": "42650183-88E5-4F14-A46F-A6215E98B081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en la funcionalidad de autenticaci\u00f3n del motor OAS de Open Automation Software OAS Platform v18.00.0072. Un rastreo de red especialmente dise\u00f1ado puede conducir al descifrado de informaci\u00f3n confidencial. Un atacante puede rastrear el tr\u00e1fico de la red para desencadenar esta vulnerabilidad."
}
],
"id": "CVE-2023-34353",
"lastModified": "2024-11-21T08:07:04.850",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-05T17:15:08.963",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "talos-cna@cisco.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-32271
Vulnerability from fkie_nvd - Published: 2023-09-05 17:15 - Updated: 2024-11-21 08:03
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774 | Exploit, Technical Description, Third Party Advisory | |
| talos-cna@cisco.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774 | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774 | Exploit, Technical Description, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openautomationsoftware | oas_platform | 18.00.0072 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*",
"matchCriteriaId": "42650183-88E5-4F14-A46F-A6215E98B081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad de gesti\u00f3n de configuraci\u00f3n de OAS Engine de Open Automation Software OAS Platform v18.00.0072. Una serie de peticiones de red especialmente manipuladas puede conducir a la divulgaci\u00f3n de informaci\u00f3n sensible. Un atacante puede enviar una secuencia de peticiones para activar esta vulnerabilidad. "
}
],
"id": "CVE-2023-32271",
"lastModified": "2024-11-21T08:03:01.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-05T17:15:08.670",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "talos-cna@cisco.com",
"type": "Primary"
}
]
}
FKIE_CVE-2022-26082
Vulnerability from fkie_nvd - Published: 2022-05-25 21:15 - Updated: 2024-11-21 06:53
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1493 | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1493 | Exploit, Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openautomationsoftware | oas_platform | 16.00.0112 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:16.00.0112:*:*:*:*:*:*:*",
"matchCriteriaId": "53E04F42-0257-46EF-B70E-BFEEF713F2A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de escritura de archivos en la funcionalidad OAS Engine SecureTransferFiles de Open Automation Software OAS Platform versi\u00f3n V16.00.0112. Una serie de peticiones de red especialmente dise\u00f1adas puede conllevar a una ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar una secuencia de peticiones para desencadenar esta vulnerabilidad"
}
],
"id": "CVE-2022-26082",
"lastModified": "2024-11-21T06:53:23.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-25T21:15:08.147",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1493"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "talos-cna@cisco.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-26833
Vulnerability from fkie_nvd - Published: 2022-05-25 21:15 - Updated: 2024-11-21 06:54
Severity ?
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Summary
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1513 | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1513 | Exploit, Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openautomationsoftware | oas_platform | 16.00.0112 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:16.00.0112:*:*:*:*:*:*:*",
"matchCriteriaId": "53E04F42-0257-46EF-B70E-BFEEF713F2A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de autenticaci\u00f3n inapropiada en la funcionalidad de la API REST de Open Automation Software OAS Platform versi\u00f3n V16.00.0121. Una serie de peticiones HTTP especialmente dise\u00f1adas puede conllevar a un uso no autenticado de la API REST. Un atacante puede enviar una serie de peticiones HTTP para desencadenar esta vulnerabilidad"
}
],
"id": "CVE-2022-26833",
"lastModified": "2024-11-21T06:54:36.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-25T21:15:08.250",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1513"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "talos-cna@cisco.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-26077
Vulnerability from fkie_nvd - Published: 2022-05-25 21:15 - Updated: 2024-11-21 06:53
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1490 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1490 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openautomationsoftware | oas_platform | 16.00.0112 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:16.00.0112:*:*:*:*:*:*:*",
"matchCriteriaId": "53E04F42-0257-46EF-B70E-BFEEF713F2A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de transmisi\u00f3n de texto sin cifrar de informaci\u00f3n confidencial en la funcionalidad OAS Engine configuration communications de Open Automation Software OAS Platform versi\u00f3n V16.00.0112. Un ataque de sniffing de red dirigido puede conllevar a una divulgaci\u00f3n de informaci\u00f3n confidencial. Un atacante puede olfatear el tr\u00e1fico de red para desencadenar esta vulnerabilidad"
}
],
"id": "CVE-2022-26077",
"lastModified": "2024-11-21T06:53:23.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-25T21:15:08.097",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1490"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "talos-cna@cisco.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-26303
Vulnerability from fkie_nvd - Published: 2022-05-25 21:15 - Updated: 2024-11-21 06:53
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1488 | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1488 | Exploit, Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openautomationsoftware | oas_platform | 16.00.0112 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:16.00.0112:*:*:*:*:*:*:*",
"matchCriteriaId": "53E04F42-0257-46EF-B70E-BFEEF713F2A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de control de configuraci\u00f3n externa en la funcionalidad OAS Engine SecureAddUser de Open Automation Software OAS Platform versi\u00f3n V16.00.0112. Una serie de peticiones de red especialmente dise\u00f1adas puede conllevar a una creaci\u00f3n de una cuenta de usuario de OAS. Un atacante puede enviar una secuencia de peticiones para desencadenar esta vulnerabilidad"
}
],
"id": "CVE-2022-26303",
"lastModified": "2024-11-21T06:53:43.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-25T21:15:08.197",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1488"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "talos-cna@cisco.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-27169
Vulnerability from fkie_nvd - Published: 2022-05-25 21:15 - Updated: 2024-11-21 06:55
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1494 | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1494 | Exploit, Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openautomationsoftware | oas_platform | 16.00.0112 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:16.00.0112:*:*:*:*:*:*:*",
"matchCriteriaId": "53E04F42-0257-46EF-B70E-BFEEF713F2A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad OAS Engine SecureBrowseFile de Open Automation Software OAS Platform versi\u00f3n V16.00.0112. Una petici\u00f3n de red especialmente dise\u00f1ada puede conllevar a una divulgaci\u00f3n de informaci\u00f3n confidencial. Un atacante puede enviar una petici\u00f3n de red para desencadenar esta vulnerabilidad"
}
],
"id": "CVE-2022-27169",
"lastModified": "2024-11-21T06:55:20.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-25T21:15:08.300",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1494"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "talos-cna@cisco.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-26067
Vulnerability from fkie_nvd - Published: 2022-05-25 21:15 - Updated: 2024-11-21 06:53
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1492 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2022-1492 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openautomationsoftware | oas_platform | 16.00.0112 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:16.00.0112:*:*:*:*:*:*:*",
"matchCriteriaId": "53E04F42-0257-46EF-B70E-BFEEF713F2A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad OAS Engine SecureTransferFiles de Open Automation Software OAS Platform versi\u00f3n V16.00.0112. Una serie de peticiones de red especialmente dise\u00f1adas puede conllevar a una lectura arbitraria de archivos. Un atacante puede enviar una secuencia de peticiones para desencadenar esta vulnerabilidad"
}
],
"id": "CVE-2022-26067",
"lastModified": "2024-11-21T06:53:22.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-25T21:15:08.047",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1492"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "talos-cna@cisco.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CVE-2023-31242 (GCVE-0-2023-31242)
Vulnerability from cvelistv5 – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:49
VLAI?
Summary
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.
Severity ?
8.1 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1769"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oas_platform",
"vendor": "openautomationsoftware",
"versions": [
{
"status": "affected",
"version": "18.00.0072"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:53:46.063454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:54:09.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:08.574Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1769"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-31242",
"datePublished": "2023-09-05T16:15:05.565Z",
"dateReserved": "2023-06-13T16:55:44.396Z",
"dateUpdated": "2025-02-13T16:49:47.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34998 (GCVE-0-2023-34998)
Vulnerability from cvelistv5 – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:55
VLAI?
Summary
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability.
Severity ?
8.1 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1770"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oas_platform",
"vendor": "openautomationsoftware",
"versions": [
{
"status": "affected",
"version": "18.00.0072"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:52:32.291088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:53:26.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:15.440Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1770"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-34998",
"datePublished": "2023-09-05T16:15:05.068Z",
"dateReserved": "2023-06-13T16:58:36.846Z",
"dateUpdated": "2025-02-13T16:55:42.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34317 (GCVE-0-2023-34317)
Vulnerability from cvelistv5 – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:55
VLAI?
Summary
An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.
Severity ?
6.5 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:49:55.287011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:50:05.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:12.188Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-34317",
"datePublished": "2023-09-05T16:15:04.162Z",
"dateReserved": "2023-06-13T17:03:40.750Z",
"dateUpdated": "2025-02-13T16:55:26.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32615 (GCVE-0-2023-32615)
Vulnerability from cvelistv5 – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:54
VLAI?
Summary
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.
Severity ?
6.5 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:35.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:49:15.708087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:49:36.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:11.115Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-32615",
"datePublished": "2023-09-05T16:15:04.609Z",
"dateReserved": "2023-06-13T17:01:51.696Z",
"dateUpdated": "2025-02-13T16:54:51.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34994 (GCVE-0-2023-34994)
Vulnerability from cvelistv5 – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:55
VLAI?
Summary
An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1773"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:50:23.627266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:50:34.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:14.310Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1773"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-34994",
"datePublished": "2023-09-05T16:15:03.744Z",
"dateReserved": "2023-06-13T17:04:29.057Z",
"dateUpdated": "2025-02-13T16:55:42.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32271 (GCVE-0-2023-32271)
Vulnerability from cvelistv5 – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:50
VLAI?
Summary
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:50:56.814460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:51:07.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:10.084Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-32271",
"datePublished": "2023-09-05T16:15:03.252Z",
"dateReserved": "2023-06-13T17:06:03.072Z",
"dateUpdated": "2025-02-13T16:50:29.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35124 (GCVE-0-2023-35124)
Vulnerability from cvelistv5 – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:55
VLAI?
Summary
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
Severity ?
CWE
- CWE-209 - Information Exposure Through an Error Message
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:23:59.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1775"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:51:27.755548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:51:36.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Information Exposure Through an Error Message",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:16.457Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1775"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-35124",
"datePublished": "2023-09-05T16:15:02.803Z",
"dateReserved": "2023-06-13T17:06:39.006Z",
"dateUpdated": "2025-02-13T16:55:47.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34353 (GCVE-0-2023-34353)
Vulnerability from cvelistv5 – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:55
VLAI?
Summary
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
Severity ?
7.5 (High)
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:52:03.949429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:52:13.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:13.191Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-34353",
"datePublished": "2023-09-05T16:15:02.295Z",
"dateReserved": "2023-06-13T17:22:56.076Z",
"dateUpdated": "2025-02-13T16:55:30.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31242 (GCVE-0-2023-31242)
Vulnerability from nvd – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:49
VLAI?
Summary
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.
Severity ?
8.1 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1769"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oas_platform",
"vendor": "openautomationsoftware",
"versions": [
{
"status": "affected",
"version": "18.00.0072"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:53:46.063454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:54:09.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:08.574Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1769"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1769"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-31242",
"datePublished": "2023-09-05T16:15:05.565Z",
"dateReserved": "2023-06-13T16:55:44.396Z",
"dateUpdated": "2025-02-13T16:49:47.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34998 (GCVE-0-2023-34998)
Vulnerability from nvd – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:55
VLAI?
Summary
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability.
Severity ?
8.1 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1770"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oas_platform",
"vendor": "openautomationsoftware",
"versions": [
{
"status": "affected",
"version": "18.00.0072"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:52:32.291088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:53:26.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:15.440Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1770"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1770"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-34998",
"datePublished": "2023-09-05T16:15:05.068Z",
"dateReserved": "2023-06-13T16:58:36.846Z",
"dateUpdated": "2025-02-13T16:55:42.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34317 (GCVE-0-2023-34317)
Vulnerability from nvd – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:55
VLAI?
Summary
An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.
Severity ?
6.5 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:49:55.287011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:50:05.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:12.188Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-34317",
"datePublished": "2023-09-05T16:15:04.162Z",
"dateReserved": "2023-06-13T17:03:40.750Z",
"dateUpdated": "2025-02-13T16:55:26.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32615 (GCVE-0-2023-32615)
Vulnerability from nvd – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:54
VLAI?
Summary
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.
Severity ?
6.5 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:35.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:49:15.708087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:49:36.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:11.115Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-32615",
"datePublished": "2023-09-05T16:15:04.609Z",
"dateReserved": "2023-06-13T17:01:51.696Z",
"dateUpdated": "2025-02-13T16:54:51.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34994 (GCVE-0-2023-34994)
Vulnerability from nvd – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:55
VLAI?
Summary
An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1773"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:50:23.627266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:50:34.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:14.310Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1773"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1773"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-34994",
"datePublished": "2023-09-05T16:15:03.744Z",
"dateReserved": "2023-06-13T17:04:29.057Z",
"dateUpdated": "2025-02-13T16:55:42.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32271 (GCVE-0-2023-32271)
Vulnerability from nvd – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:50
VLAI?
Summary
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:50:56.814460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:51:07.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:10.084Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1774"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1774"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-32271",
"datePublished": "2023-09-05T16:15:03.252Z",
"dateReserved": "2023-06-13T17:06:03.072Z",
"dateUpdated": "2025-02-13T16:50:29.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35124 (GCVE-0-2023-35124)
Vulnerability from nvd – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:55
VLAI?
Summary
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
Severity ?
CWE
- CWE-209 - Information Exposure Through an Error Message
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:23:59.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1775"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:51:27.755548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:51:36.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Information Exposure Through an Error Message",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:16.457Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1775"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1775"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-35124",
"datePublished": "2023-09-05T16:15:02.803Z",
"dateReserved": "2023-06-13T17:06:39.006Z",
"dateUpdated": "2025-02-13T16:55:47.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34353 (GCVE-0-2023-34353)
Vulnerability from nvd – Published: 2023-09-05 16:15 – Updated: 2025-02-13 16:55
VLAI?
Summary
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
Severity ?
7.5 (High)
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Automation Software | OAS Platform |
Affected:
v18.00.0072
|
Credits
Discovered by a member of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:52:03.949429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:52:13.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OAS Platform",
"vendor": "Open Automation Software",
"versions": [
{
"status": "affected",
"version": "v18.00.0072"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by a member of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:15:13.191Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1776"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-34353",
"datePublished": "2023-09-05T16:15:02.295Z",
"dateReserved": "2023-06-13T17:22:56.076Z",
"dateUpdated": "2025-02-13T16:55:30.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}