CVE-2024-27201

An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1949	Exploit Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1949	Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1949

Configurations

Configuration 1 (hide)

cpe:2.3:a:openautomationsoftware:open_automation_software:19.0.0.57:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-04-03 14:15

Updated : 2025-11-04 19:17

NVD link : CVE-2024-27201

Mitre link : CVE-2024-27201

CVE.ORG link : CVE-2024-27201

JSON object : View

Products Affected

openautomationsoftware

open_automation_software

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2024-27201", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2024-04-03T14:15:17.300", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1949", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1949", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1949", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de validaci\u00f3n de entrada incorrecta en la funcionalidad de configuraci\u00f3n de usuario del motor OAS de Open Automation Software OAS Platform V19.00.0057. Una serie de solicitudes de red especialmente manipuladas pueden generar datos inesperados en la configuraci\u00f3n. Un atacante puede enviar una secuencia de solicitudes para desencadenar esta vulnerabilidad."}], "lastModified": "2025-11-04T19:17:03.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openautomationsoftware:open_automation_software:19.0.0.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98468F0E-605A-47FA-877E-5FA039E1FB4B"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}