ID 51563
Created Jun 09, 2022
Updated Jul 05, 2022
Severity dark-circle dark-circle dark-circle dark-circle dark-circle
Coverage switch-on-logo IPS (Regular DB)
switch-on-logo IPS (Extended DB)
Default Action drop
Active switch-on-logo
Affected OS Windows, Linux
Affected App SCADA

Legend

Active/Available switch-on-logo
InActive/Not Available switch-off-logo

Update History

Date Version Detail
2022-07-12 21.354 Default_action:pass:drop
2022-06-21 21.342 Modified
2022-06-09 21.336

Threat Encyclopedia

Open.Automation.OAS.SecureTransferFiles.Arbitrary.File.Write

description-logoDescription

This indicates an attack attempt to exploit an Arbitrary File Write Vulnerability in Open Automation Software platform.
This vulnerability is due to the SecureTransferFiles command allowing a non-privileged user to upload a file. An authenticated, remote user can exploit this vulnerability by sending crafted requests to the target platform. Successful exploitation could result in the writing of an arbitrary file, which may be used to facilitate the execution of arbitrary code.

affected-products-logoAffected Products

Open Automation Software OAS Platform V16.00.0112

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://openautomationsoftware.com/downloads/

CVE References

CVE-2022-26082

Telemetry logoTelemetry