Oas Platform
CVE-2023-32271
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.
AnalysisAI
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. Affected products include: Openautomationsoftware Oas Platform.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
More in Oas Platform
View allAn authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v
A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Pl
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software
An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Softw
An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Softwar
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications fu
An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation So
An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Sof
A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software
An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Softw
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automati
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today