Critical issues in a popular platform used by Industrial Control Systems (ICS) that allow for unauthorised device access, Remote Code Execution (RCE) or denial of service (DoS) could threaten the security of critical infrastructure.
Cisco Talos discovered 8 vulnerabilities in the Open Automation Software, 2 of them critical, that pose a risk to critical infrastructure networks.
Researcher Jared Rittle of Cisco Talos discovered a total of 8 vulnerabilities, 2 of them critical, in the Open Automation Software (OAS) Platform, the most serious of which allows an attacker to execute arbitrary code on a targeted machine, according to a blog post published this week. The issues affect Open Automation Software OAS Platform, version 16.00.0112.
OAS, offered by a company of the same name, makes it easy to transfer data between proprietary devices & applications, including both software & hardware.
Critical Business Processes
At its core is what’s called a Universal Data Connector, which allows the “movement & transformation of data for critical business processes like machine learning, data mining, reporting & data visualisation,” according to the OAS website.
The OAS Platform is widely used in systems in which a range of different devices & software need to communicate, which is why it’s often found in ICS to connect industrial & IoT devices, SCADA systems, network points, & custom apps & APIs, among other software & hardware. Some companies using the platform include Intel, Mack Trucks, the US Navy, JBT AeroTech & Michelin.
Critical Infrastructure at Risk
The OAS Platform’s presence in these systems is why