Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-26067PUBLISHED: 2022-05-25
An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnera...
CVE-2022-26077PUBLISHED: 2022-05-25
A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff networ...
CVE-2022-26082PUBLISHED: 2022-05-25A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26303PUBLISHED: 2022-05-25
An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger t...
CVE-2022-26833PUBLISHED: 2022-05-25
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerabilit...
User Rank: Apprentice
5/28/2021 | 11:55:07 AM
We find that one of the best ways to increase overall employee engagement in the organization's security program, is to find ways to promote proactive behavior through gamification, management involvement, and meaningful KPIs KRIs built around the reaction/interaction to threats and potential threats. For example, when it comes to simulated phishing - instead of looking at click through rates as the key metric, organizations can focus on the proactive reporting of threats and the "see something, do something mentality" in order to create a more positive experience overall, thus improving employee willingness to engage in good habits, behavior and ultimately, changing one's identity with a more proactive inherent scrutiny in how they process and respond to information. Organizations who traditionally kneejerk enroll employees immediately after failing a phishing test tend to promote an adversarial relationship between IT and the work force. Although click through rates can provide some meaning information about areas of risk, incentives around the promotion of proactive behavior and employees becoming proactive cybersecurity citizens is one of the best ways to enhance engagement across a security awareness program and empower employees and teams to identify and stop threats.