CVE-2022-26833
CRITICAL EXPLOITED NUCLEIOpen Automation Software OAS Platform 16.00.0121 - Auth Bypass
Title source: llmExploitation Summary
CVE-2022-26833 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.
Nuclei Templates (1)
Open Automation Software OAS Platform V16.00.0121 - Missing Authentication
CRITICALby true13
References (1)
Core 1
Core References
Exploit, Mitigation, Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1513
Scores
CVSS v3
9.4
EPSS
0.3761
EPSS Percentile
98.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Details
VulnCheck KEV
2024-01-22
CWE
CWE-306
Status
published
Products (1)
openautomationsoftware/oas_platform
16.00.0112
Published
May 25, 2022
Tracked Since
Feb 18, 2026