CVE-2024-22178

A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1951	Exploit Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1951	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openautomationsoftware:open_automation_software:19.0.0.57:*:*:*:*:*:*:*

History

23 Jan 2025, 16:57

Type	Values Removed	Values Added
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2024-1951 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2024-1951 - Exploit, Third Party Advisory
First Time		Openautomationsoftware Openautomationsoftware open Automation Software
CWE		NVD-CWE-Other
CPE		cpe:2.3:a:openautomationsoftware:open_automation_software:19.0.0.57:::::::*

Information

Published : 2024-04-03 14:15

Updated : 2025-01-23 16:57

NVD link : CVE-2024-22178

Mitre link : CVE-2024-22178

CVE.ORG link : CVE-2024-22178

JSON object : View

Products Affected

openautomationsoftware

open_automation_software

CWE

CWE-73

External Control of File Name or Path

NVD-CWE-Other

{"id": "CVE-2024-22178", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2024-04-03T14:15:14.543", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1951", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1951", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-73"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de escritura de archivos en la funcionalidad Guardar configuraci\u00f3n de seguridad del motor OAS de Open Automation Software OAS Platform V19.00.0057. Una serie de solicitudes de red especialmente manipuladas pueden provocar la creaci\u00f3n o sobrescritura de archivos arbitrarios. Un atacante puede enviar una secuencia de solicitudes para desencadenar esta vulnerabilidad."}], "lastModified": "2025-01-23T16:57:16.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openautomationsoftware:open_automation_software:19.0.0.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98468F0E-605A-47FA-877E-5FA039E1FB4B"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}