A critical remote code execution vulnerability in OpenS100 allows unauthenticated attackers to gain full control over the host process by providing a malicious portrayal catalogue.

This vulnerability stems from an unrestricted Lua interpreter within the Portrayal Engine that lacks sandboxing. An unauthenticated attacker can leverage standard libraries like 'os' and 'io' via a crafted S-100 catalogue to execute arbitrary system commands when the catalogue is imported.

A successful exploit results in a total compromise of the OpenS100 process, allowing for unauthorized data access, lateral movement within the network, and persistent system control. The CVSS score of 9.6 reflects the critical nature of this flaw, as it permits remote code execution with minimal user interaction beyond importing a file.

Immediate Action: Update OpenS100 to a version containing commit 753cf29 or later to ensure the Lua interpreter is properly sandboxed.

Proactive Monitoring: Monitor system logs for unusual process spawning from the OpenS100 application and review all imported S-100 catalogues for suspicious Lua scripts.

Compensating Controls: Implement strict file-integrity monitoring and restrict the application's ability to execute shell commands using OS-level security policies or containers.

Public Exploit Available: false

The severity of this vulnerability cannot be overstated, as it allows for complete system takeover via a common user workflow. Organizations utilizing OpenS100 must prioritize updating to the latest patched version immediately to mitigate the risk of remote code execution.