PT-2024-21735 · Open Automation · Open Automation Software Oas Platform
Jared Rittle · Published 2024-04-03 · Updated 2024-04-03 · CVE-2024-27201
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Open Automation Software OAS Platform version 19.00.0057
Description
An improper input validation issue exists in the OAS Engine User Configuration functionality. This can be exploited by sending a specially crafted series of network requests, leading to unexpected data in the configuration.
Recommendations
For version 19.00.0057, consider restricting access to the OAS Engine User Configuration functionality until a fix is available. As a temporary workaround, review and validate all network requests to prevent unexpected data in the configuration. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Open Automation Software Oas Platform