Vulnerabilities > CVE-2022-26833 - Unspecified vulnerability in Openautomationsoftware OAS Platform 16.00.0112

CVSS 9.4 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

openautomationsoftware

critical

NVD

Published: 2022-05-25

Updated: 2024-11-21

Summary

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Openautomationsoftware Openautomationsoftware OAS Platform 16.00.0112	1

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1513
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1513

Summary

Vulnerable Configurations

Related news

References