Lucene search

IcscertCVELIST:CVE-2022-1264

HistoryJul 20, 2022 - 3:34 p.m.

CVE-2022-1264 Inductive Automation Ignition

2022-07-2015:34:59

CWE-22

icscert

www.cve.org

cve-2022-1264

inductive automation ignition

arbitrary code execution

web configuration

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

38.7%

JSON

The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.

CNA Affected

[
  {
    "product": "Ignition",
    "vendor": "Inductive Automation",
    "versions": [
      {
        "status": "affected",
        "version": "All 8.1 versions 8.1.10"
      },
      {
        "lessThan": "All 8.0 versions*",
        "status": "affected",
        "version": "8.0.4",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-102-03

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

38.7%

JSON

Related for CVELIST:CVE-2022-1264