PT-2022-18264 · Open Automation · Open Automation Software Oas Platform
Jared Rittle · Published 2022-05-25 · Updated 2023-07-26 · CVE-2022-27169
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Open Automation Software OAS Platform version 16.00.0112
Description
An information disclosure issue exists in the OAS Engine SecureBrowseFile functionality. A specially crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this issue.
Recommendations
For version 16.00.0112, consider restricting access to the SecureBrowseFile functionality until a patch is available. As a temporary workaround, avoid using the OAS Engine SecureBrowseFile functionality to minimize the risk of exploitation.
Missing Authentication
Affected Products
Open Automation Software Oas Platform