Cisco Talos detected eight vulnerabilities, two of which are serious, in the Open Automation Software, posing a threat to critical infrastructure networks.
The security of vital infrastructure could be jeopardised by serious holes in a common platform used by industrial control systems (ICS) that allow for unauthorised device access, remote code execution (RCE), or denial of service (DoS). According to a blog post released this week by Cisco Talos researcher Jared Rittle, the Open Automation Software (OAS) Platform contains eight vulnerabilities, two of which are significant.
The most serious of these allows an attacker to execute arbitrary code on a targeted machine. Open Automation Software OAS Platform, version 16.00.0112, is affected by the issues.
Read More: https://threatpost.com/critical-flaws-in-popular-ics-platform-can-trigger-rce/179750/