Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ignition
(Inductiveautomation)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 34 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-07-25 | CVE-2022-35871 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206. | Ignition | 7.8 | ||
| 2022-07-25 | CVE-2022-35872 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage... | Ignition | 7.8 | ||
| 2022-07-25 | CVE-2022-35873 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of... | Ignition | 7.8 | ||
| 2022-08-05 | CVE-2022-1704 | Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup. | Ignition | 9.8 | ||
| 2015-04-03 | CVE-2015-0995 | Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. | Ignition | N/A | ||
| 2015-04-03 | CVE-2015-0994 | Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. | Ignition | N/A | ||
| 2015-04-03 | CVE-2015-0993 | Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | Ignition | N/A | ||
| 2015-04-03 | CVE-2015-0992 | Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. | Ignition | N/A | ||
| 2015-04-03 | CVE-2015-0991 | Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. | Ignition | N/A | ||
| 2015-04-03 | CVE-2015-0976 | Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Ignition | N/A |