VYPR
Vendor

Open Automation Software

Products
1
CVEs
24
Across products
24
Status
Private

Products

1

Recent CVEs

24
View all 24 CVEs →
  • CVE-2022-26833CriMay 25, 2022
    risk 0.64cvss 9.4epss 0.38

    An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to…

  • CVE-2022-26082CriMay 25, 2022
    risk 0.61cvss 9.1epss 0.19

    A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger…

  • CVE-2023-34998HigSep 5, 2023
    risk 0.53cvss 8.1epss 0.01

    An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this…

  • CVE-2023-31242HigSep 5, 2023
    risk 0.53cvss 8.1epss 0.03

    An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this…

  • CVE-2023-34353HigSep 5, 2023
    risk 0.49cvss 7.5epss 0.01

    An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to…

  • CVE-2022-27169HigMay 25, 2022
    risk 0.49cvss 7.5epss 0.02

    An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to…

  • CVE-2022-26303HigMay 25, 2022
    risk 0.49cvss 7.5epss 0.01

    An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of…

  • CVE-2022-26077HigMay 25, 2022
    risk 0.49cvss 7.5epss 0.01

    A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An…

  • CVE-2022-26043HigMay 25, 2022
    risk 0.49cvss 7.5epss 0.01

    An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a…

  • CVE-2022-26026HigMay 25, 2022
    risk 0.49cvss 7.5epss 0.01

    A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this…

  • CVE-2015-7917HigDec 23, 2015
    risk 0.47cvss 7.2epss 0.00

    Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2023-34317MedSep 5, 2023
    risk 0.42cvss 6.5epss 0.01

    An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence…

  • CVE-2023-32615MedSep 5, 2023
    risk 0.42cvss 6.5epss 0.01

    A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to…

  • CVE-2023-32271MedSep 5, 2023
    risk 0.42cvss 6.5epss 0.01

    An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a…

  • CVE-2022-26067MedMay 25, 2022
    risk 0.32cvss 4.9epss 0.01

    An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to…

  • CVE-2023-35124LowSep 5, 2023
    risk 0.20cvss 3.1epss 0.01

    An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a…

  • CVE-2023-34994LowSep 5, 2023
    risk 0.20cvss 3.1epss 0.01

    An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send…

  • CVE-2011-4871Apr 18, 2012
    risk 0.03cvss epss 0.03

    Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723.

  • CVE-2024-11220Dec 6, 2024
    risk 0.00cvss epss 0.00

    A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.

  • CVE-2024-24976Apr 3, 2024
    risk 0.00cvss epss 0.01

    A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of…