Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication

OAS Platform allows various devices, including PLCs, servers, files, databases and internet-of-things platforms to communicate with one another and share data when they otherwise would be unable to because of their various protocols.

TALOS

Wednesday, September 6, 2023 12:09

Cisco Talos recently disclosed eight vulnerabilities in the engine configuration functionality in Open Automation’s Software Platform.

OAS Platform is commonly found in industrial operations and enterprise environments. It allows various devices, including PLCs, servers, files, databases and internet-of-things platforms to communicate with one another and share data when they otherwise would be unable to because of their various protocols.

The vulnerabilities Talos disclosed on Sept. 5 all exist inside the OAS Platform’s Engine configuration management functionality. Through the configuration tool, users can load or save a set of configurations to a disk and install it on other devices.

TALOS-2023-1775 (CVE-2023-35124), TALOS-2023-1776 (CVE-2023-34353) and TALOS-2023-1774 (CVE-2023-32271) can all lead to the disclosure or decryption of sensitive information on the targeted device.

TALOS-2023-1769 (CVE-2023-31242) and TALOS-2023-1770 (CVE-2023-34998) could also allow an adversary to gain access to the OAS Platform system if they send a specially crafted set of network requests. TALOS-2023-1772 (CVE-2023-34317) can also be triggered if the adversary first exploits one of those two vulnerabilities to authenticate to the system. Lastly, TALOS-2023-1771 (CVE-2023-32615) fits into this attack chain once an adversary has authenticated, allowing them to overwrite an existing file or create a new one on behalf of the logged-in OAS user.

TALOS-2023-1773 (CVE-2023-34994) inherently exists in the software: an application user who is not authorized on the underlying system can create new, unwanted directories anywhere that the underlying OAS user system account has access to.

Talos worked with Open Automation to ensure these vulnerabilities are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

For Snort coverage (SIDs 61991 - 61994, 62003 and 62004) that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org. Our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.

Related news

OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges

Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine.  Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Version 19, we want to take the time

CVE-2023-35124: TALOS-2023-1775 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-34353: TALOS-2023-1776 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

CVE-2023-31242: TALOS-2023-1769 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-34998: TALOS-2023-1770 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability.

CVE-2023-34317: TALOS-2023-1772 || Cisco Talos Intelligence Group

An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-32615: TALOS-2023-1771 || Cisco Talos Intelligence Group

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-34994: TALOS-2023-1773 || Cisco Talos Intelligence Group

An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2023-32271: TALOS-2023-1774 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.