PT-2022-17655 · Open Automation · Open Automation Software Oas Platform

Jared Rittle · Published 2022-05-25 · Updated 2023-07-26 · CVE-2022-26077

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 16.00.0112

Description: A cleartext transmission of sensitive information issue exists in the OAS Engine configuration communications functionality. This can be exploited through a targeted network sniffing attack, leading to the disclosure of sensitive information. An attacker can trigger this issue by sniffing network traffic.

Recommendations: For Open Automation Software OAS Platform version 16.00.0112, consider implementing encryption for the OAS Engine configuration communications to prevent cleartext transmission of sensitive information. As a temporary workaround, restrict access to the network to minimize the risk of exploitation.

Exploit

Fix

Cleartext Transmission of Sensitive Information


Weakness Enumeration

Related Identifiers

CVE-2022-26077

Affected Products

Open Automation Software Oas Platform