CVE-2022-26833

2022-05-2520:15:28

CWE-306

talos

www.cve.org

vulnerability

rest api

open automation software oas platform

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.017

Percentile

87.7%

JSON

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "Open Automation Software",
    "product": "OAS Platform",
    "versions": [
      {
        "version": "V16.00.0121",
        "status": "affected"
      }
    ]
  }
]