彙總 openautomationsoftware 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 輸入驗證問題與路徑處理缺陷 等問題,部分漏洞可能導致 檔案覆寫,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2024-11220 | A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation. | [email protected] | 8.5 | 0.12% | 2024-12-06 | 2025-01-23 |
| CVE-2024-27201 | An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 4.9 | 0.15% | 2024-04-03 | 2025-11-04 |
| CVE-2024-24976 | A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 4.9 | 0.15% | 2024-04-03 | 2025-11-04 |
| CVE-2024-22178 | A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 4.9 | 0.15% | 2024-04-03 | 2025-11-04 |
| CVE-2024-21870 | A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 4.9 | 0.15% | 2024-04-03 | 2025-11-04 |
| CVE-2023-35124 | An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 3.1 | 0.15% | 2023-09-05 | 2024-11-21 |
| CVE-2023-34998 | An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability. | [email protected] | 8.1 | 0.01% | 2023-09-05 | 2024-11-21 |
| CVE-2023-34994 | An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 3.1 | 0.06% | 2023-09-05 | 2024-11-21 |
| CVE-2023-34353 | An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | [email protected] | 7.5 | 0.05% | 2023-09-05 | 2024-11-21 |
| CVE-2023-34317 | An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 6.5 | 0.07% | 2023-09-05 | 2024-11-21 |
| CVE-2023-32615 | A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 6.5 | 0.06% | 2023-09-05 | 2024-11-21 |
| CVE-2023-32271 | An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 6.5 | 0.10% | 2023-09-05 | 2024-11-21 |
| CVE-2023-31242 | An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 8.1 | 0.02% | 2023-09-05 | 2024-11-21 |
| CVE-2022-27169 | An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability. | [email protected] | 7.5 | 0.79% | 2022-05-25 | 2024-11-21 |
| CVE-2022-26833 | An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability. | [email protected] | 9.4 | 87.36% | 2022-05-25 | 2024-11-21 |
| CVE-2022-26303 | An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 7.5 | 0.27% | 2022-05-25 | 2024-11-21 |
| CVE-2022-26082 | A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 9.1 | 2.70% | 2022-05-25 | 2024-11-21 |
| CVE-2022-26077 | A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | [email protected] | 7.5 | 0.16% | 2022-05-25 | 2024-11-21 |
| CVE-2022-26067 | An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 4.9 | 0.37% | 2022-05-25 | 2024-11-21 |
| CVE-2022-26043 | An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability. | [email protected] | 7.5 | 0.25% | 2022-05-25 | 2024-11-21 |