289 matches found
CVE-2015-0976
Cross-site scripting XSS vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests...
Default credentials
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack...
Cross site scripting
Cross-site scripting XSS vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors...
CVE-2015-0994
Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests...
CVE-2015-0993
Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation...
CVE-2015-0992
CVE-2015-0992 affects Inductive Automation Ignition 7.7.2, where OPC Server credentials are stored in plaintext in the settings file, enabling local users to obtain sensitive information via unspecified vectors. The connected documents corroborate plaintext storage of credentials as the root caus...
CVE-2015-0995
Summary: CVE-2015-0995 affects Inductive Automation Ignition 7.7.2, which uses MD5 password hashes. The root cause is the use of MD5 for storing passwords, enabling context-dependent attackers to gain access via brute-forcing. The vulnerability is described as exploitable remotely in several sour...
CVE-2015-0976
CVE-2015-0976 is an XSS vulnerability in Inductive Automation Ignition 7.7.2. The issue stems from improper neutralization of input in web page generation, with the server reflecting HTTP request data back in the HTTP response, enabling remote attackers to inject arbitrary script. Several connect...
CVE-2015-0993
Inductive Automation Ignition 7.7.2 is affected by CVE-2015-0993, where sessions are not terminated on logout, allowing a remote attacker to bypass access controls via an unattended workstation. Connected sources confirm Ignition is vulnerable in 7.7.x (notably
CVE-2015-0995
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack...
CVE-2015-0991
CVE-2015-0991 affects Inductive Automation Ignition 7.7.2. The vulnerability is an information disclosure where remote attackers can obtain sensitive data by reading an error message about an unhandled exception, potentially revealing pathname information. The NVD entry lists a CVSS v2 base score...
CVE-2015-0994
In Inductive Automation Ignition, CVE-2015-0994 impacts Ignition 7.7.2, where remote authenticated users can bypass the built-in brute-force protection by manipulating session ID values across a sequence of HTTP requests. The underlying issue involves session handling and credentials management t...
CVE-2015-0991
Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information...
CVE-2015-0976
Cross-site scripting XSS vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
KLA10535 Multiple vulnerabilities in Inductive Automation Ignition
Multiple serious vulnerabilities have been found in Inductive Automation Ignition. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or inject arbitrary code. Below is a complete list of vulnerabilities 1. Improper passwords handling c...
Inductive Automation Ignition Cross-Site Scripting Vulnerability
Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Ignition has a security vulnerability that can be exploited by an attacker to execute malicious content in a vulnerable web application. The server reads data directly from the HTTP request and th...
Inductive Automation Ignition Invalid Session Expires Vulnerability
Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Ignition does not delete the session after the user logs out, which can allow an attacker to reuse the current session...
Inductive Automation Ignition Information Disclosure Vulnerability (CNVD-2015-02154)
Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Inductive Automation Ignition suffers from an information disclosure vulnerability that could be exploited by an attacker to gain access to sensitive information...