CVE-2023-34998

8.1 HIGH

📋 TL;DR

CVE-2023-34998 is an authentication bypass vulnerability in Open Automation Software OAS Platform that allows attackers to gain unauthorized access by sniffing network traffic and sending specially crafted requests. This affects organizations using the vulnerable OAS Platform version for industrial automation and SCADA systems.

💻 Affected Systems

Products:
  • Open Automation Software OAS Platform
Versions: v18.00.0072
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects OAS Engine functionality. Industrial environments using OAS for SCADA/ICS systems are particularly at risk.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of industrial control systems, unauthorized access to critical infrastructure, data theft, and potential physical damage to industrial processes.

🟠 Likely Case: Unauthorized access to OAS Platform, data exfiltration, manipulation of industrial processes, and lateral movement within industrial networks.

🟢 If Mitigated: Limited impact due to network segmentation, proper authentication controls, and monitoring that detects anomalous authentication attempts.

🌐 Internet-Facing: HIGH - If exposed to internet, attackers can exploit without internal access by sniffing traffic and crafting authentication bypass requests.
🏢 Internal Only: MEDIUM - Requires network access but exploitation is straightforward once an attacker gains internal network position.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network traffic sniffing but no authentication. Attack methodology is documented in Talos reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v18.00.0073 or later

Vendor Advisory: https://openautomationsoftware.com/security-advisories/

Restart Required: Yes

Instructions:

1. Download the latest OAS Platform version from the vendor portal.
2. Back up the current configuration.
3. Install the update following the vendor instructions.
4. Restart the OAS services.
5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate OAS Platform from untrusted networks and implement strict firewall rules.

Encrypted Communications (Windows)

Enable TLS/SSL for all OAS network communications to prevent traffic sniffing:

oas_config --enable-tls --cert-path /path/to/cert.pem --key-path /path/to/key.pem

🧯 If You Can't Patch

  • Implement network monitoring to detect authentication bypass attempts and unusual authentication patterns
  • Deploy intrusion detection systems to alert on suspicious OAS Engine network traffic

🔍 How to Verify

Check if Vulnerable:

Check the OAS Platform version in the administration console or in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Open Automation Software\OAS Platform\Version

Check Version:

reg query "HKLM\SOFTWARE\Open Automation Software\OAS Platform" /v Version

Verify Fix Applied:

Verify that the installed version is v18.00.0073 or later and test the authentication mechanisms.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful access
  • Multiple authentication requests from same source
  • OAS Engine authentication logs showing bypass patterns

Network Indicators:

  • Unencrypted authentication traffic to OAS Engine port
  • Suspicious packet patterns matching Talos vulnerability description
  • Authentication requests without proper credentials

SIEM Query:

source="oas_logs" AND (event_type="authentication" AND result="success" AND credential_present="false")
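An added example, not part of the advisory or of OAS itself: a small Python detector that applies the three log indicators above to authentication events using the field names from the SIEM query (event_type, result, credential_present). The sample events, the src field and the burst threshold are constructed for illustration.

```python
# Added example (not from the advisory): apply the log indicators listed above
# to OAS-style authentication events. Field names mirror the SIEM query; the
# sample events, the "src" field and the threshold are constructed.
from collections import defaultdict

# Constructed sample events, in time order.
SAMPLE_EVENTS = [
    {"ts": 1, "src": "10.0.0.5", "event_type": "authentication", "result": "failure", "credential_present": "true"},
    {"ts": 2, "src": "10.0.0.5", "event_type": "authentication", "result": "failure", "credential_present": "true"},
    {"ts": 3, "src": "10.0.0.5", "event_type": "authentication", "result": "success", "credential_present": "false"},
    {"ts": 4, "src": "10.0.0.9", "event_type": "authentication", "result": "success", "credential_present": "true"},
    {"ts": 5, "src": "10.0.0.7", "event_type": "tag_read",       "result": "success", "credential_present": "true"},
]


def analyze_auth_events(events, burst_threshold=3):
    """Return a list of (indicator, source) findings, in detection order."""
    findings = []
    attempts = defaultdict(int)        # authentication requests per source
    failed_before = defaultdict(bool)  # source has failed since its last success
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("event_type") != "authentication":
            continue
        src = ev["src"]
        attempts[src] += 1
        # SIEM query / indicator 3: a success recorded without credentials
        if ev["result"] == "success" and ev.get("credential_present") == "false":
            findings.append(("success_without_credentials", src))
        # Indicator 1: failed attempts followed by a success from the same source
        if ev["result"] == "failure":
            failed_before[src] = True
        elif ev["result"] == "success" and failed_before[src]:
            findings.append(("failure_then_success", src))
            failed_before[src] = False
    # Indicator 2: many authentication requests from the same source
    for src, count in attempts.items():
        if count >= burst_threshold:
            findings.append(("auth_burst", src))
    return findings


if __name__ == "__main__":
    for indicator, src in analyze_auth_events(SAMPLE_EVENTS):
        print(f"{indicator}: {src}")
```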
