Vulnerability Information
Vulnerability Title
Open Automation Software Incorrect Execution-Assigned Permissions
Vulnerability Description
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Incorrect Execution-Assigned Permissions
Vulnerability Title
Open Automation Software Security Vulnerability
Vulnerability Description
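Open Automation Software (OAS) is an enterprise automation system from Open Automation Software. It is used to visualize, control, transform and transfer data between almost any industrial automation devices or platforms. Versions of Open Automation Software prior to V20.00.0076 contain a security vulnerability: a low-privileged user can create and execute a report contained in an rdlx file, and the code in that file executes with SYSTEM privileges, resulting in privilege escalation.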
CVSS Information
N/A
Vulnerability Type
N/A