CVE-2024-27201

Published: Apr 3, 2024Modified: Nov 4, 2025

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.2 / Impact: 3.6

Source: CNA (Secondary)

Description

An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.

Affected (1)

Products: Openautomationsoftware: Open Automation Software

Openautomationsoftware

1 product

Open Automation Software

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openautomationsoftware Open Automation Software	Version 19.0.0.57

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (3)

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1949

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1949

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1949

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.