CVE-2023-32615

Published: Sep 5, 2023Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.

Affected (1)

Products: Openautomationsoftware: Oas Platform

Openautomationsoftware

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openautomationsoftware Oas Platform	Version 18.00.0072

Related CWEs

Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (4)

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771

Source: talos-cna@cisco.com

Third Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771

Source: talos-cna@cisco.com

Third Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1771

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.