This page lists publicly disclosed CVE vulnerabilities affecting openautomationsoftware open_automation_software (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-11220 | A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation. | [email protected] | 8.5 | 0.12% | 2024-12-06 | 2025-01-23 |
| CVE-2024-27201 | An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 4.9 | 0.15% | 2024-04-03 | 2025-11-04 |
| CVE-2024-24976 | A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 4.9 | 0.15% | 2024-04-03 | 2025-11-04 |
| CVE-2024-22178 | A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 4.9 | 0.15% | 2024-04-03 | 2025-11-04 |
| CVE-2024-21870 | A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 4.9 | 0.15% | 2024-04-03 | 2025-11-04 |