Open Automation Software

Plan Patch7.8ICS-CERT ICSA-24-338-03Dec 3, 2024

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Open Automation Software versions prior to V20.00.0076 contain a privilege escalation vulnerability (CWE-279) that allows a local attacker with valid user credentials to execute code with elevated privileges. Successful exploitation could allow an attacker to modify automation logic, alter process parameters, or disable safety controls on connected industrial equipment.

What this means

What could happen

An attacker with local access to a system running Open Automation Software could execute code with elevated privileges, potentially allowing them to modify process logic, alter setpoints, or disable safety interlocks in automated production or facility control systems.

Who's at risk

Organizations operating manufacturing automation, building management systems, and facility control systems that use Open Automation Software. This affects any facility using OAS for process automation, HVAC control, or production equipment orchestration.

How it could be exploited

An attacker with local login access to a Windows system running Open Automation Software could leverage privilege escalation (CWE-279) to run arbitrary commands or scripts with administrative privileges, gaining control over automation workflows and connected equipment.

Prerequisites

Local login credentials to the Windows system running OAS
Physical or remote desktop access to the host running Open Automation Software
OAS version prior to V20.00.0076 must be installed

Local access required but privilege escalation possibleNo patch available for versions below V20.00.0076Low EPSS exploit probability (0.1%) but high impact if exploited

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

Open Automation Software: <V20.00.0076<V20.00.0076V20.00.0076 or later

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict local login access to OAS systems to authorized engineering and operations staff only; use strong password policies and multi-factor authentication if possible

HARDENINGMonitor OAS systems for unauthorized privilege escalation attempts and unusual process execution

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Open Automation Software to version V20.00.0076 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate OAS systems from general corporate network and untrusted networks

CVEs (1)

CVE-2024-11220

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/50225d84-b3b2-4f3e-bf54-a5b430bb1a28