Open Automation Software

Plan: Patch
CVSS: 7.8
ICS-CERT: ICSA-24-338-03
Date: Dec 3, 2024

Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Open Automation Software versions earlier than V20.00.0076 contain a privilege escalation vulnerability (CWE-279) that could allow an attacker with local access to execute code with elevated privileges. The vulnerability requires local access and user-level credentials; it is not remotely exploitable. Successful exploitation could enable an attacker to modify system configurations, access sensitive data, or disrupt operations.

What this means
What could happen
An attacker with local access to a system running Open Automation Software could execute arbitrary code with elevated privileges, potentially allowing them to modify process parameters, disable safety functions, or corrupt data on the affected device.
Who's at risk
Organizations using Open Automation Software for industrial automation, process control, or data acquisition systems. This includes manufacturing facilities, water treatment plants, electric utilities, and any critical infrastructure relying on Open Automation Software for operational control or monitoring.
How it could be exploited
An attacker with local access to a system running a vulnerable version of Open Automation Software could exploit a privilege escalation vulnerability to run code with elevated privileges. This requires the attacker to first gain local access to the machine—either through physical presence, a compromised user account, or lateral movement from elsewhere in the network.
Prerequisites
  • Local access to a system running Open Automation Software version earlier than V20.00.0076
  • User-level or unprivileged account on the affected system
  • Privilege escalation capability
  • No remote exploitation possible (local attack only)
  • Low attack complexity
  • Low EPSS score (0.1%)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product                     | Affected Versions | Fix Status
Open Automation Software    | <V20.00.0076      | Fixed in V20.00.0076+
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Open Automation Software to version V20.00.0076 or later
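To turn the "earlier than V20.00.0076" affected range into an inventory check, the version strings have to be compared numerically rather than as text (zero-padded fields such as "0076" and an optional leading "V" make plain string comparison unreliable). The following is an added example written for this page, not code from Open Automation Software or from the advisory; it assumes installed versions are reported in the same "V20.00.0076" format the advisory uses, and the host inventory it runs over is constructed for illustration.

```python
import re
from typing import List, Optional, Tuple

# Fix version as stated in ICSA-24-338-03.
FIX_VERSION = "V20.00.0076"


def parse_oas_version(text: str) -> Optional[Tuple[int, ...]]:
    """Parse a version string like 'V20.00.0076' (optional leading 'V',
    dot-separated numeric fields) into a tuple of ints.

    Assumption: this is the format shown in the advisory; if the product
    reports versions differently, adjust the pattern. Returns None when
    the string does not look like a version at all.
    """
    match = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text)
    if not match:
        return None
    return tuple(int(field) for field in match.group(1).split("."))


def is_affected(version: str, fix_version: str = FIX_VERSION) -> Optional[bool]:
    """True if `version` is older than the fixed version, False if it is
    the fixed version or later, None if the string could not be parsed."""
    installed = parse_oas_version(version)
    fixed = parse_oas_version(fix_version)
    if installed is None or fixed is None:
        return None
    # Pad the shorter tuple with zeros so '20.0' and '20.0.0' compare equal.
    width = max(len(installed), len(fixed))
    installed += (0,) * (width - len(installed))
    fixed += (0,) * (width - len(fixed))
    return installed < fixed


# Constructed sample inventory: (hostname, reported OAS version).
CONSTRUCTED_INVENTORY = [
    ("hmi-01", "V20.00.0075"),     # one build before the fix
    ("hmi-02", "V20.00.0076"),     # exactly the fixed build
    ("hist-01", "19.00.0120"),     # older major release, no 'V' prefix
    ("eng-ws-03", "V20.00.0100"),  # later than the fix
    ("test-rig", "unknown"),       # inventory gap, needs manual follow-up
]


def triage(inventory) -> Tuple[List[str], List[str], List[str]]:
    """Split hosts into (affected, fixed, unknown) lists for patch planning."""
    affected, fixed, unknown = [], [], []
    for host, version in inventory:
        verdict = is_affected(version)
        if verdict is None:
            unknown.append(host)
        elif verdict:
            affected.append(host)
        else:
            fixed.append(host)
    return affected, fixed, unknown


if __name__ == "__main__":
    needs_patch, ok, unresolved = triage(CONSTRUCTED_INVENTORY)
    print("Needs upgrade to", FIX_VERSION, "or later:", needs_patch)
    print("Already fixed:", ok)
    print("Version not determinable, check manually:", unresolved)
```

Hosts in the "unknown" bucket are reported separately rather than silently treated as fixed, so an inventory gap does not hide an unpatched system.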
API: /api/v1/advisories/50225d84-b3b2-4f3e-bf54-a5b430bb1a28
