Security Updates
The following is information which address known issues that have been reported.
In most, if not all cases, issues reported can be corrected by upgrading to the latest version of the OAS Platform. If you have any concerns or are experiencing an issue not listed below, contact our technical support team at support@oasiot.com.
The latest release of OAS contains several improvements that harden security and make communications even more efficient.
Read more about these improvements here.
CVE or Ref. Number | Description | Versions Affected | Status |
CVE-2022-26082 CVE-2022-26303 CVE-2022-26043 CVE-2022-26077 CVE-2022-26026 CVE-2022-26067 CVE-2022-27169 |
A vulnerability was reported in the OAS Engine API calls of Open Automation Software OAS Platform V16.00.0112. Recommendations: | Versions prior to v17 | Corrected in v17 |
CVE-2022-26833 |
A vulnerability was reported in the OAS Engine REST API calls of Open Automation Software OAS Platform V16.00.0112. Recommendations: | Versions prior to v17 |
Corrected in v17 |
CVE-2023-31242 CVE-2023-34998 CVE-2023-34353 |
Network-based authentication vulnerabilities identified. Recommendations: | v18.00.0072 | Corrected in v19 |
CVE-2023-32615 CVE-2023-34994 |
OAS service is granted file system access with elevated permissions. Recommendations: | v18.00.0072 | Corrected in v19 |
CVE-2023-34317 CVE-2023-32271 CVE-2023-35124 |
Additional validation required on network update calls for configuration data. Recommendations: | v18.00.0072 | Corrected in v19 |