VYPR

Vendor CVEs

Open Automation Software

All CVEs

24 total · sorted by risk
  • CVE-2022-26833CriMay 25, 2022
    risk 0.64cvss 9.4epss 0.38

    An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to…

  • CVE-2022-26082CriMay 25, 2022
    risk 0.61cvss 9.1epss 0.19

    A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger…

  • CVE-2023-34998HigSep 5, 2023
    risk 0.53cvss 8.1epss 0.01

    An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this…

  • CVE-2023-31242HigSep 5, 2023
    risk 0.53cvss 8.1epss 0.03

    An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this…

  • CVE-2023-34353HigSep 5, 2023
    risk 0.49cvss 7.5epss 0.01

    An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to…

  • CVE-2022-27169HigMay 25, 2022
    risk 0.49cvss 7.5epss 0.02

    An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to…

  • CVE-2022-26303HigMay 25, 2022
    risk 0.49cvss 7.5epss 0.01

    An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of…

  • CVE-2022-26077HigMay 25, 2022
    risk 0.49cvss 7.5epss 0.01

    A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An…

  • CVE-2022-26043HigMay 25, 2022
    risk 0.49cvss 7.5epss 0.01

    An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a…

  • CVE-2022-26026HigMay 25, 2022
    risk 0.49cvss 7.5epss 0.01

    A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this…

  • CVE-2015-7917HigDec 23, 2015
    risk 0.47cvss 7.2epss 0.00

    Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2023-34317MedSep 5, 2023
    risk 0.42cvss 6.5epss 0.01

    An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence…

  • CVE-2023-32615MedSep 5, 2023
    risk 0.42cvss 6.5epss 0.01

    A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to…

  • CVE-2023-32271MedSep 5, 2023
    risk 0.42cvss 6.5epss 0.01

    An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a…

  • CVE-2022-26067MedMay 25, 2022
    risk 0.32cvss 4.9epss 0.01

    An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to…

  • CVE-2023-35124LowSep 5, 2023
    risk 0.20cvss 3.1epss 0.01

    An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a…

  • CVE-2023-34994LowSep 5, 2023
    risk 0.20cvss 3.1epss 0.01

    An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send…

  • CVE-2011-4871Apr 18, 2012
    risk 0.03cvss epss 0.03

    Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723.

  • CVE-2024-11220Dec 6, 2024
    risk 0.00cvss epss 0.00

    A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.

  • CVE-2024-24976Apr 3, 2024
    risk 0.00cvss epss 0.01

    A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of…

  • CVE-2024-27201Apr 3, 2024
    risk 0.00cvss epss 0.01

    An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a…

  • CVE-2024-21870Apr 3, 2024
    risk 0.00cvss epss 0.01

    A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests…

  • CVE-2024-22178Apr 3, 2024
    risk 0.00cvss epss 0.01

    A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of…

  • CVE-2012-0227Oct 12, 2012
    risk 0.00cvss epss 0.06

    Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the…