Threat Encyclopedia
Open.Automation.OAS.SecureTransferFiles.Arbitrary.File.Write
Description
This indicates an attack attempt to exploit an Arbitrary File Write Vulnerability in Open Automation Software platform.
This vulnerability is due to the SecureTransferFiles command allowing a non-privileged user to upload a file. An authenticated, remote user can exploit this vulnerability by sending crafted requests to the target platform. Successful exploitation could result in the writing of an arbitrary file, which may be used to facilitate the execution of arbitrary code.
Affected Products
Open Automation Software OAS Platform V16.00.0112
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://openautomationsoftware.com/downloads/