Cisco Talos has reportedly uncovered eight vulnerabilities in the Open Automation Software, a popular industrial control system (ICS) platform. Two of the flaws are categorized as critical, meaning that they pose a risk for infrastructure networks and should be addressed immediately. Exploiting the flaws could lead to remote code execution or denial of service and could ultimately threaten organizations’ security. Jared Rittle at Cisco Talos reportedly discovered the eight vulnerabilities.
The most serious of the eight flaws allows an attacher to execute arbitrary code on a targeted machine. Cisco Talos released a blog post detailing the flaw and how it may be exploited by attackers. The bug affects Open Automation Software OAD Platform version 16.00.0112. OAS is a platform that is designed to simplify data transfers between proprietary devices and applications, also known as Universal Data Connector. The OAS Platform is used in systems in which a range of devices and software need to communicate, often found in industrial settings.
Read More: Critical Flaws in Popular ICS Platform Can Trigger RCE