Open Automation Software OAS Platform is an industrial Internet of Things (IoT) suite from Open Automation Software, Inc. An access control error vulnerability exists in Open Automation Software OAS Platform version V16.00.0112, which stems from an external configuration control issue with the OAS Engine Secureaddsecurity feature, and could be exploited by an attacker to by sending a series of specially crafted network requests to create custom security groups.