CVE-2022-26833

Name of the Vulnerable Software and Affected Versions Open Automation Software OAS Platform version 16.00.0121

Description The issue is related to an improper authentication vulnerability in the REST API functionality. This vulnerability can be triggered by a specially-crafted series of HTTP requests, leading to unauthenticated use of the REST API. An attacker can exploit this by sending a series of HTTP requests, potentially allowing remote execution of arbitrary code.

Recommendations For Open Automation Software OAS Platform version 16.00.0121, consider disabling the REST API functionality until a patch is available to prevent unauthenticated use. Restrict access to the REST API to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.