SB2022052617 - Multiple vulnerabilities in Open Automation Software OAS Platform
Published: May 26, 2022
Description
This security bulletin contains information about 7 security vulnerabilities.
1) Cleartext transmission of sensitive information (CVE-ID: CVE-2022-26077)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information within the OAS Engine configuration communications functionality. A remote attacker can sniff network traffic and gain access to sensitive data.
2) Missing Authentication for Critical Function (CVE-ID: CVE-2022-27169)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing authentication for a critical function in the OAS Engine SecureBrowseFile functionality. A remote attacker can send a specially crafted request and disclose sensitive information.
3) Missing Authentication for Critical Function (CVE-ID: CVE-2022-26082)
The vulnerability allows a remote user to bypass the authentication process.
The vulnerability exists due to a file write issue in the OAS Engine SecureTransferFiles functionality. A remote administrator can send a specially crafted request and execute arbitrary code on the target system.
4) Missing Authentication for Critical Function (CVE-ID: CVE-2022-26026)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to missing authentication for a critical function in the OAS Engine SecureConfigValues functionality. A remote administrator can send a specially crafted request and cause a denial of service condition on the target system.
5) Missing Authentication for Critical Function (CVE-ID: CVE-2022-26043)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an external config control issue in the OAS Engine SecureAddSecurity functionality. A remote attacker can send a specially crafted request and create a custom Security Group.
6) Missing Authentication for Critical Function (CVE-ID: CVE-2022-26067)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to missing authentication for a critical function in the OAS Engine SecureTransferFiles functionality. A remote administrator can send a specially crafted request and read arbitrary files on the target system.
7) Missing Authentication for Critical Function (CVE-ID: CVE-2022-26303)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an external config control issue in the OAS Engine SecureAddUser functionality. A remote attacker can send a specially crafted request and create an OAS user account.
Remediation
Install the update from the vendor's website.
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1490
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1494
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1493
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1491
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1489
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1492
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1488