CVE-2023-34353

CVSS 7.5 · High EPSS 0.05% · P14 Updated Feb 14, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-34353

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用不充分的随机数

Source: NVD (National Vulnerability Database)

Vulnerability Title

Open Automation Software OAS Platform 安全特征问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Open Automation Software OAS Platform是美国Open Automation Software公司的一个工业物联网（IoT）套件。旨在帮助企业将数据源连接到 OAS 平台。 Open Automation Software OAS Platform v18.00.0072版本存在安全特征问题漏洞，该漏洞源于存在身份验证绕过漏洞，可能会导致敏感信息的解密。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Open Automation Software	OAS Platform	v18.00.0072	-

II. Public POCs for CVE-2023-34353

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-34353

请登录查看更多情报信息。

Same Patch Batch · Open Automation Software · 2023-09-05 · 8 CVEs total

CVE-2023-34998	8.1 HIGH	Open Automation Software OAS Platform 授权问题漏洞
CVE-2023-31242	8.1 HIGH	Open Automation Software OAS Platform 授权问题漏洞
CVE-2023-34317	6.5 MEDIUM	Open Automation Software OAS Platform 输入验证错误漏洞
CVE-2023-32615	6.5 MEDIUM	Open Automation Software OAS Platform 安全漏洞
CVE-2023-32271	6.5 MEDIUM	Open Automation Software OAS Platform 信息泄露漏洞
CVE-2023-35124	3.1 LOW	Open Automation Software OAS Platform 安全漏洞
CVE-2023-34994	3.1 LOW	Open Automation Software OAS Platform 安全漏洞

IV. Related Vulnerabilities

Same product: OAS Platform

Same vendor: Open Automation Software

Same weakness: CWE-330

V. Comments for CVE-2023-34353

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-34353

I. Basic Information for CVE-2023-34353

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-34353

III. Intelligence Information for CVE-2023-34353

Same Patch Batch · Open Automation Software · 2023-09-05 · 8 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-34353

Leave a comment