Lucene search
K

289 matches found

Cvelist
Cvelist
added 2024/05/03 2:10 a.m.37 views

CVE-2023-39476 Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit th...

9.8CVSS10AI score0.01784EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/03 2:10 a.m.8 views

CVE-2023-39476 Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit th...

9.8CVSS8.2AI score0.01784EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/03 2:10 a.m.31 views

CVE-2023-39475 Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not requir...

9.8CVSS10AI score0.03147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/03 2:10 a.m.16 views

CVE-2023-39475 Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not requir...

9.8CVSS8.2AI score0.03147EPSS
Exploits0References1
CVE
CVE
added 2024/05/03 2:10 a.m.61 views

CVE-2023-39475

CVE-2023-39475 affects Inductive Automation Ignition through the ParameterVersionJavaSerializationCodec deserialization of untrusted data. The root cause is lack of validation of user-supplied data in this class, allowing a remote attacker to execute arbitrary code in the context of SYSTEM withou...

9.8CVSS9.8AI score0.03147EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/03 2:10 a.m.29 views

CVE-2023-39474 Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability

Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target...

8CVSS8.4AI score0.00544EPSS
Exploits0References1
CVE
CVE
added 2024/05/03 2:10 a.m.60 views

CVE-2023-39474

CVE-2023-39474 (Inductive Automation Ignition) affects the Ignition platform, specifically the downloadLaunchClientJar function. The flaw is due to loading a remote JAR without validating it, enabling a remote attacker to execute arbitrary code in the context of the current user. Exploitation req...

8.8CVSS8.2AI score0.00544EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/03 2:10 a.m.20 views

CVE-2023-39474 Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability

Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target...

8CVSS8.2AI score0.00544EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/03 2:10 a.m.12 views

CVE-2023-39472 Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability

Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

6.5CVSS6.2AI score0.01212EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/03 2:10 a.m.37 views

CVE-2023-39472 Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability

Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

6.5CVSS6.4AI score0.01212EPSS
Exploits0References1
CVE
CVE
added 2024/05/03 2:10 a.m.84 views

CVE-2023-39472

CVE-2023-39472 — Inductive Automation Ignition is affected through the SimpleXMLReader’s XML External Entity (XXE) handling, where a crafted XML can trigger the parser to fetch a URI and embed its contents, enabling information disclosure in the SYSTEM context. Exploitation requires authenticatio...

6.5CVSS6.2AI score0.01212EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/03 2:10 a.m.71 views

CVE-2023-39473

The CVE-2023-39473 entry concerns Inductive Automation Ignition's AbstractGatewayFunction deserialization vulnerability. The flaw stems from insufficient validation of user-supplied data, enabling deserialization of untrusted input and remote code execution. Exploitation requires authentication a...

8.8CVSS9.1AI score0.58828EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/03 2:10 a.m.18 views

CVE-2023-39473 Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

8.8CVSS9.1AI score0.58828EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/03 2:10 a.m.36 views

CVE-2023-39473 Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

8.8CVSS9.2AI score0.58828EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/03 1:59 a.m.18 views

CVE-2023-38124 Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability

Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...

7.2CVSS8AI score0.5582EPSS
Exploits0References2
CVE
CVE
added 2024/05/03 1:59 a.m.66 views

CVE-2023-38124

CVE-2023-38124 affects Inductive Automation Ignition Gateway/OPC UA Quick Client Task Scheduling. The flaw stems from exposing a dangerous function in the Ignition Gateway server, allowing remote attackers to execute code with SYSTEM privileges after authenticating. Documents consistently describ...

8.8CVSS7.5AI score0.5582EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/03 1:59 a.m.15 views

CVE-2023-38122 Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability

Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit thi...

7.2CVSS7.9AI score0.01484EPSS
Exploits0References2
CVE
CVE
added 2024/05/03 1:59 a.m.68 views

CVE-2023-38122

CVE-2023-38122 affects Inductive Automation Ignition OPC UA Quick Client. The flaw is in the web server configuration, arising from missing Content Security Policy headers, enabling a cross-domain policy that can lead to remote code execution. Authentication is required to exploit, but the authen...

7.2CVSS7.5AI score0.01484EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/03 1:59 a.m.20 views

CVE-2023-38123 Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability

Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to explo...

7.5CVSS6.9AI score0.01132EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/03 1:59 a.m.24 views

CVE-2023-38123 Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability

Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to explo...

7.5CVSS7.9AI score0.01132EPSS
Exploits0References2
Rows per page
Query Builder