Product:

Open_automation_software

(Openautomationsoftware)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 5
Date Id Summary Products Score Patch Annotated
2024-12-06 CVE-2024-11220 A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation. Open_automation_software 7.8
2024-04-03 CVE-2024-21870 A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability. Open_automation_software N/A
2024-04-03 CVE-2024-22178 A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability. Open_automation_software N/A
2024-04-03 CVE-2024-24976 A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability. Open_automation_software N/A
2024-04-03 CVE-2024-27201 An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability. Open_automation_software N/A