Oracle E-Business Suite MES for Process Manufacturing Device Integration Vulnerability Allowing Unauthorized Data Access and Modification

A vulnerability has been identified in the Oracle MES for Process Manufacturing component of Oracle E-Business Suite, specifically in versions 12.2.12 through 12.2.13. This vulnerability, which resides within the Device Integration component, can be easily exploited by an unauthenticated attacker with network access via HTTP. The exploitation requires human interaction from a third party. While the vulnerability is contained within Oracle MES for Process Manufacturing, successful attacks could significantly affect other products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized read access to certain data, as well as unauthorized update, insert, or delete access to some accessible data within Oracle MES for Process Manufacturing.

Impact

Exploitation of this vulnerability could lead to unauthorized access to read, update, insert, or delete data within Oracle MES for Process Manufacturing.