Headline
Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service
Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into…
[[ This is only the beginning! Please visit the blog for the complete entry ]]
Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into the targeted device and causing a denial of service.
The OAS Platform facilitates the simplified data transfer between various proprietary devices and applications, including software and hardware.
The most serious of these issues is TALOS-2022-1493 (CVE-2022-26082), which an attacker could exploit to gain the ability to execute arbitrary code on the targeted machine. This issue has a severity score of 9.1 out of a possible 10. Another vulnerability, TALOS-2022-1513 (CVE-2022-26833) has a 9.4 severity score and could lead to the unauthenticated use of the REST API.
There are two other vulnerabilities, TALOS-2022-1494 (CVE-2022-27169) and TALOS-2022-1492 (CVE-2022-26067) could allow an attacker to obtain a directory listing at any location permissible by the underlying user by sending a specific network request.
Another information disclosure vulnerability TALOS-2022-1490 (CVE-2022-26077) works in the same way, but alternatively provides the attacker with a list of usernames and passwords for the platform that could be used in future attacks.
TALOS-2022-1491 (CVE-2022-26026) can also be triggered by a specially crafted network request, but instead leads to a denial of service and a loss of communication.
The other two vulnerabilities could allow an attacker to make external configuration changes, including creating a new security group on the Platform and creating new user accounts arbitrarily: TALOS-2022-1488 (CVE-2022-26303) and TALOS-2022-1489 (CVE-2022-26043).
Cisco Talos worked with Open Automation Software to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy. Additionally, affected users could mitigate these issues by ensuring that proper network segmentation is in place so adversaries have the lowest possible level of access to the network on which the OAS Platform communicates.
Users are encouraged to update these affected products as soon as possible: Open Automation Software OAS Platform, version 16.00.0112. Talos tested and confirmed this driver could be exploited by these vulnerabilities.
The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 59275 – 59279, 59732. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org.
Related news
The most serious flaw gives attackers a way to remotely execute code on systems that many organizations use to move data in critical ICS environments, security vendor says.
Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.
An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability.
An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability.
A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability.
An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability.
A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.