Security researchers at Cisco Talos have reported eight vulnerabilities in the configuration management feature of the Platform Automation Software (OAS) engine, which lets users load and save configurations, copy the data onto a disk and install it on other devices.

OAS is used for industrial operations and enterprise environments, enabling communication and data transfer between servers, industrial control systems, Internet of Things, and other devices.

Three of the vulnerabilities are classified as high severity. The most important of these are CVE-2023-31242 and CVE-2023-34998, two authentication bypass flaws that can be exploited via specially crafted requests.

The former can be triggered by a sequence of requests, while the latter can be triggered by sniffing network traffic.

In the first case, since no administrator user is configured in the installation, no authentication of any kind is required to access features such as the creation of new users.

“By employing specific requests, an adversary has the potential to verify the presence of unauthenticated access, subsequently enabling them to generate new user accounts, manipulate configuration settings, and potentially acquire unauthorized access to the underlying system.”

As for the second vulnerability, threat actors can capture a protobuf message containing valid administrator credentials and use them to craft their own requests. The adversary could then access the user creation and saving feature, giving them free rein over the system.

Two other vulnerabilities could lead to information disclosure, while two others can be exploited for the arbitrary creation or overwriting of files and for the arbitrary creation of directories.

All of these problems were identified in version 18 of the OAS platform. Fortunately, they were corrected with the release of version 19.00.0000.
