HIGH
Open Automation Software
CVE published 2024-12-03
CVE-2024-11220
A local privilege escalation vulnerability in Open Automation Software (OAS) allows authenticated low-level users to execute arbitrary code with SYSTEM privileges. The flaw exists in how OAS handles report files (.rdlx); a local attacker with credentials to running OAS services can create and execute a report containing malicious code that runs with elevated privileges. This vulnerability is rated HIGH se [truncated]