CVE-2023-34353

7.5 HIGH

📋 TL;DR

This authentication bypass vulnerability in Open Automation Software OAS Platform allows attackers to decrypt sensitive information by sniffing network traffic. It affects OAS Engine authentication functionality, potentially exposing credentials and other protected data. Organizations using vulnerable versions of OAS Platform are at risk.

💻 Affected Systems

Products:
  • Open Automation Software OAS Platform
Versions: v18.00.0072 and potentially earlier versions
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects OAS Engine authentication functionality specifically. All deployments using the vulnerable version are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of OAS Platform with unauthorized access to industrial control systems, data exfiltration, and potential manipulation of operational technology.

🟠 Likely Case

Credential theft leading to unauthorized access to OAS Platform, exposure of sensitive configuration data, and potential lateral movement within the network.

🟢 If Mitigated

Limited impact with encrypted traffic preventing decryption, though authentication mechanisms remain vulnerable to targeted attacks.

🌐 Internet-Facing: HIGH - Network sniffing attacks can be conducted remotely if the service is exposed to the internet.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this vulnerability through network sniffing.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to sniff traffic. No authentication needed to intercept and decrypt sensitive data.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v18.00.0073 or later

Vendor Advisory: https://openautomationsoftware.com/security-advisories/

Restart Required: Yes

Instructions:

  1. Download latest version from Open Automation Software website.
  2. Backup current configuration.
  3. Install update following vendor instructions.
  4. Restart OAS services.
  5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate OAS Platform traffic to prevent sniffing attacks

Encryption Enforcement (all platforms)

Require TLS/SSL for all OAS Platform communications

Configure OAS Platform to use TLS 1.2 or higher

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate OAS Platform from untrusted networks
  • Deploy network monitoring and intrusion detection to alert on suspicious traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check the OAS Platform version in the administration console or via the version command. If the version is v18.00.0072 or earlier, the system is vulnerable.

Check Version:

Check the OAS Platform administration interface or run the platform-specific version command.

Verify Fix Applied:

Verify that the version is v18.00.0073 or later. Test authentication functionality and monitor for any decryption issues.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts from unexpected sources
  • Unusual network traffic patterns to OAS services

Network Indicators:

  • Unencrypted authentication traffic to OAS Platform
  • Suspicious network sniffing activity on OAS network segments

SIEM Query:

source="OAS_Platform" AND (event_type="authentication" OR event_type="network") AND status="failed"
