CVE-2022-26026

7.5 HIGH

📋 TL;DR

CVE-2022-26026 is a denial-of-service vulnerability in Open Automation Software OAS Platform's SecureConfigValues functionality. Attackers can send specially crafted network requests to trigger loss of communications, disrupting industrial control and automation systems. Organizations using OAS Platform V16.00.0112 are affected.

💻 Affected Systems

Products:
  • Open Automation Software OAS Platform
Versions: V16.00.0112
Operating Systems: Windows (primary platform for OAS)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the SecureConfigValues functionality specifically; OAS is commonly used in industrial control systems (ICS) and SCADA environments.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete loss of communications between OAS Platform components, disrupting industrial processes, manufacturing operations, or critical infrastructure monitoring.

🟠 Likely Case

Temporary service disruption requiring system restart, causing operational downtime and potential data loss in industrial environments.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring; service can be quickly restored from backups.

🌐 Internet-Facing: HIGH - Attackers can exploit remotely without authentication if the service is exposed to the internet.
🏢 Internal Only: MEDIUM - Requires internal network access, but industrial networks often have less security than IT networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires network access but no authentication; exploitation appears straightforward based on the description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V16.00.0113 or later

Vendor Advisory: https://openautomationsoftware.com/security-advisories/

Restart Required: Yes

Instructions:

1. Download latest OAS Platform version from vendor portal.
2. Backup current configuration.
3. Install update following vendor instructions.
4. Restart OAS services.
5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access to OAS Platform to only trusted systems using firewalls or network ACLs.

Disable Unnecessary Services (Windows)

If SecureConfigValues functionality is not required, disable it according to vendor documentation.

🧯 If You Can't Patch

  • Implement strict network access controls to limit which systems can communicate with OAS Platform
  • Deploy intrusion detection systems to monitor for exploitation attempts and anomalous network traffic

🔍 How to Verify

Check if Vulnerable:

Check OAS Platform version in administration console or via registry: HKEY_LOCAL_MACHINE\SOFTWARE\Open Automation Software\OAS\Version

Check Version:

reg query "HKLM\SOFTWARE\Open Automation Software\OAS" /v Version

Verify Fix Applied:

Confirm version is V16.00.0113 or later and test SecureConfigValues functionality remains operational.
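
The version check described above, scripted in PowerShell as an added example (not vendor code and not part of the original page). It assumes the registry value given above exists and holds a string shaped like `V16.00.0113`; the function names are hypothetical.

```powershell
# Added example: compare the installed OAS version with the fixed release named on this page.
# Assumption: the registry value holds a string shaped like "V16.00.0113".
$KeyPath   = 'HKLM:\SOFTWARE\Open Automation Software\OAS'   # path as given on this page
$ValueName = 'Version'
$FixedIn   = 'V16.00.0113'                                    # patch version from this page

function ConvertTo-OasVersion {
    param([string]$Text)
    # Accept "V16.00.0113" or "16.00.0113"; return $null for any other shape.
    if ($Text -and $Text.Trim() -match '^[Vv]?(\d+)\.(\d+)\.(\d+)$') {
        return [version]::new([int]$Matches[1], [int]$Matches[2], [int]$Matches[3])
    }
    return $null
}

function Test-OasPatched {
    param([string]$Installed, [string]$Fixed = $FixedIn)
    $have = ConvertTo-OasVersion $Installed
    $need = ConvertTo-OasVersion $Fixed
    # $null means "cannot decide", which must not be reported as patched.
    if ($null -eq $have -or $null -eq $need) { return $null }
    return ($have -ge $need)
}

# Read the value; a missing key or value yields $null instead of an error.
$raw = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName

if (-not $raw) {
    Write-Output "UNKNOWN: '$ValueName' not found under $KeyPath; check the administration console."
} else {
    $patched = Test-OasPatched -Installed $raw
    if ($null -eq $patched) {
        Write-Output "UNKNOWN: cannot parse version string '$raw'."
    } elseif ($patched) {
        Write-Output "OK: $raw is at or above $FixedIn."
    } else {
        Write-Output "VULNERABLE: $raw is below $FixedIn."
    }
}
```

The comparison is numeric per component, so `V16.00.0112` sorts below `V16.00.0113` regardless of zero padding, and an unreadable or oddly formatted value is reported as UNKNOWN, not as patched.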

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed connection attempts to OAS services
  • Service restart events in Windows Event Logs
  • OAS process crashes

Network Indicators:

  • Unusual traffic patterns to OAS Platform ports (typically 58727/TCP)
  • Malformed packets targeting SecureConfigValues endpoint

SIEM Query:

source="windows" AND (event_id=6008 OR process_name="oas.exe") AND (keywords="crash" OR "restart")
