Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Open Automation Software OAS Platform 访问控制错误漏洞
Vulnerability Description
Open Automation Software OAS Platform是美国Open Automation Software公司的一个工业物联网(IoT)套件。旨在帮助企业将数据源连接到 OAS 平台。 Open Automation Software OAS Platform V16.00.0112 版本存在访问控制错误漏洞,该漏洞源于 OAS Engine Entransferfiles 功能中存在信息披露问题。攻击者可以发送一系列特殊的网络请求可以导致读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A