Unrated severityNVD Advisory· Published Dec 6, 2024· Updated Dec 6, 2024

Open Automation Software Incorrect Execution-Assigned Permissions

CVE-2024-11220

Description

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.

Affected products

Open Automation Software/Open Automation Softwarev5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

openautomationsoftware.com/downloads/mitre
www.cisa.gov/news-events/ics-advisories/icsa-24-338-03mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000