Lucene search

TalosCVE-2024-24976

HistoryApr 03, 2024 - 2:15 p.m.

CVE-2024-24976

2024-04-0314:15:15

CWE-130

talos

web.nvd.nist.gov

cve-2024-24976

oas platform

network requests

running program

attacker

vulnerability

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

13.3%

JSON

A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.

Affected configurations

Vulners

Node

openautomationsoftwareoas_platformRange≤V19.00.0057

VendorProductVersionCPE
openautomationsoftwareoas_platform*cpe:2.3:a:openautomationsoftware:oas_platform:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openautomationsoftware	oas_platform	*	cpe:2.3:a:openautomationsoftware:oas_platform::::::::

CNA Affected

[
  {
    "vendor": "Open Automation Software",
    "product": "OAS Platform",
    "versions": [
      {
        "version": "V19.00.0057",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2024-1948

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

13.3%

JSON

Related for CVE-2024-24976