Apr 03, 2015 - 12:00 a.m.

KLA10535 Multiple vulnerabilities in Inductive Automation Ignition

2015-04-03 00:00:00
Kaspersky Lab
threats.kaspersky.com
CVSS2: 6.4 Medium (AV:N/AC:L/Au:N/C:P/I:P/A:N)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

AI Score: 6.8 Medium (Confidence: High)

EPSS: 0.006 Low (Percentile: 78.5%)

Multiple serious vulnerabilities have been found in Inductive Automation Ignition. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or inject arbitrary code.

Below is a complete list of vulnerabilities:

  1. Improper password handling can be exploited remotely via unknown vectors;
  2. An unknown vulnerability can be exploited remotely via specially designed session IDs;
  3. Improper session handling can be exploited remotely via vectors related to the logout action;
  4. Improper storage of server credentials and another unknown vulnerability can be exploited remotely via manipulation of error messages;
  5. An XSS vulnerability can be exploited remotely via unspecified vectors.

Original advisories

Related products

Ignition

CVE list

CVE-2015-0992 warning

CVE-2015-0991 critical

CVE-2015-0976 warning

CVE-2015-0995 critical

CVE-2015-0994 warning

CVE-2015-0993 high

Solution

Update to the latest version

Get Ignition

Impacts

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to an attacker capturing information that is critical for the user or system.

  • CI

Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Inductive Automation Ignition 7.7.2
