A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Oas_platform | Openautomationsoftware | 16.00.0112 (including) | 16.00.0112 (including) |