3 matches found
CVE-2022-1704
CVE-2022-1704 affects Inductive Automation Ignition. The issue arises from parsing XML in the backup/restore functionality without XML security flags, enabling a potential XML External Entity (XXE) attack. Affected products/versions include: Ignition 8.1.x up to before 8.1.8, and Ignition 7.9.x b...
CVE-2022-1704 Inductive Automation Ignition
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup...
Inductive Automation Ignition
1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Inductive Automation Equipment: Ignition Vulnerability: Improper Restriction of XML External Entity Reference 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...