Lucene search
K

289 matches found

NVD
NVD
added 2015/04/03 10:59 a.m.15 views

CVE-2015-0976

Cross-site scripting XSS vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.6AI score0.01141EPSS
Exploits0References1
Prion
Prion
added 2015/04/03 10:59 a.m.18 views

Design/Logic Flaw

Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests...

4CVSS6.7AI score0.01336EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2015/04/03 10:59 a.m.15 views

Default credentials

Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack...

5CVSS7AI score0.01116EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2015/04/03 10:59 a.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.01141EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2015/04/03 10:59 a.m.18 views

Design/Logic Flaw

Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors...

2.1CVSS6.2AI score0.00334EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2015/04/03 10:0 a.m.18 views

CVE-2015-0994

Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests...

6.2AI score0.01336EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/04/03 10:0 a.m.19 views

CVE-2015-0993

Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation...

9.2AI score0.02266EPSS
Exploits0References1
CVE
CVE
added 2015/04/03 10:0 a.m.108 views

CVE-2015-0992

CVE-2015-0992 affects Inductive Automation Ignition 7.7.2, where OPC Server credentials are stored in plaintext in the settings file, enabling local users to obtain sensitive information via unspecified vectors. The connected documents corroborate plaintext storage of credentials as the root caus...

2.1CVSS5.8AI score0.00334EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2015/04/03 10:0 a.m.61 views

CVE-2015-0995

Summary: CVE-2015-0995 affects Inductive Automation Ignition 7.7.2, which uses MD5 password hashes. The root cause is the use of MD5 for storing passwords, enabling context-dependent attackers to gain access via brute-forcing. The vulnerability is described as exploitable remotely in several sour...

5CVSS6.6AI score0.01116EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2015/04/03 10:0 a.m.63 views

CVE-2015-0976

CVE-2015-0976 is an XSS vulnerability in Inductive Automation Ignition 7.7.2. The issue stems from improper neutralization of input in web page generation, with the server reflecting HTTP request data back in the HTTP response, enabling remote attackers to inject arbitrary script. Several connect...

4.3CVSS5.7AI score0.01141EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2015/04/03 10:0 a.m.60 views

CVE-2015-0993

Inductive Automation Ignition 7.7.2 is affected by CVE-2015-0993, where sessions are not terminated on logout, allowing a remote attacker to bypass access controls via an unattended workstation. Connected sources confirm Ignition is vulnerable in 7.7.x (notably

6.4CVSS9.1AI score0.02266EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2015/04/03 10:0 a.m.24 views

CVE-2015-0995

Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack...

6.4AI score0.01116EPSS
Exploits0References1
CVE
CVE
added 2015/04/03 10:0 a.m.59 views

CVE-2015-0991

CVE-2015-0991 affects Inductive Automation Ignition 7.7.2. The vulnerability is an information disclosure where remote attackers can obtain sensitive data by reading an error message about an unhandled exception, potentially revealing pathname information. The NVD entry lists a CVSS v2 base score...

5CVSS6.2AI score0.01359EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2015/04/03 10:0 a.m.61 views

CVE-2015-0994

In Inductive Automation Ignition, CVE-2015-0994 impacts Ignition 7.7.2, where remote authenticated users can bypass the built-in brute-force protection by manipulating session ID values across a sequence of HTTP requests. The underlying issue involves session handling and credentials management t...

4CVSS6.3AI score0.01336EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2015/04/03 10:0 a.m.24 views

CVE-2015-0991

Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information...

6AI score0.01359EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/04/03 10:0 a.m.20 views

CVE-2015-0976

Cross-site scripting XSS vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.6AI score0.01141EPSS
Exploits0References1
Kaspersky
Kaspersky
added 2015/04/03 12:0 a.m.65 views

KLA10535 Multiple vulnerabilities in Inductive Automation Ignition

Multiple serious vulnerabilities have been found in Inductive Automation Ignition. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or inject arbitrary code. Below is a complete list of vulnerabilities 1. Improper passwords handling c...

6.4CVSS6.8AI score0.02266EPSS
Exploits0References2
CNVD
CNVD
added 2015/04/02 12:0 a.m.2 views

Inductive Automation Ignition Cross-Site Scripting Vulnerability

Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Ignition has a security vulnerability that can be exploited by an attacker to execute malicious content in a vulnerable web application. The server reads data directly from the HTTP request and th...

4.3CVSS7.2AI score0.01141EPSS
Exploits0References1
CNVD
CNVD
added 2015/04/02 12:0 a.m.3 views

Inductive Automation Ignition Invalid Session Expires Vulnerability

Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Ignition does not delete the session after the user logs out, which can allow an attacker to reuse the current session...

6.4CVSS6.9AI score0.02266EPSS
Exploits0References1
CNVD
CNVD
added 2015/04/02 12:0 a.m.2 views

Inductive Automation Ignition Information Disclosure Vulnerability (CNVD-2015-02154)

Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Inductive Automation Ignition suffers from an information disclosure vulnerability that could be exploited by an attacker to gain access to sensitive information...

5CVSS6.5AI score0.01359EPSS
Exploits0References1
Rows per page
Query Builder