CVE-2023-34317 - OpenCVE

An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openautomationsoftware	Oas Platform

Configuration 1 [-]

cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2023-09-05T16:15:04.162Z

Updated: 2024-08-02T16:10:06.380Z

Reserved: 2023-06-13T17:03:40.750Z

Link: CVE-2023-34317

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-05T17:15:08.877

Modified: 2023-09-08T17:36:00.593

Link: CVE-2023-34317

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-34317", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-06-13T17:03:40.750Z", "datePublished": "2023-09-05T16:15:04.162Z", "dateUpdated": "2024-08-02T16:10:06.380Z"}, "containers": {"cna": {"affected": [{"vendor": "Open Automation Software", "product": "OAS Platform", "versions": [{"version": "v18.00.0072", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE", "cweId": "CWE-20"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2023-09-05T16:15:04.162Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772"}], "credits": [{"lang": "en", "value": "Discovered by a member of Cisco Talos."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:10:06.380Z"}, "title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*", "matchCriteriaId": "42650183-88E5-4F14-A46F-A6215E98B081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de validaci\u00f3n de entrada inadecuada en la funcionalidad OAS Engine User Creation de Open Automation Software OAS Platform v18.00.0072. Una serie de solicitudes de red especialmente manipuladas puede generar datos inesperados en la configuraci\u00f3n. Un atacante puede enviar una secuencia de peticiones para activar esta vulnerabilidad. "}], "id": "CVE-2023-34317", "lastModified": "2023-09-08T17:36:00.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2023-09-05T17:15:08.877", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1772"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1772"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "talos-cna@cisco.com", "type": "Primary"}]}