CVE-2020-12004

The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to 7.9.14, allowing an attacker to obtain sensitive information...

CVE-2020-10644

The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to 7.9.14, allowing an attacker to obtain sensitive information...

EUVD-2020-6656

Malware in sbrugna...

EUVD-2020-4316

Malware in sbrugna...

CVE-2020-10641

An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway versions prior to 8.0.10, causing a denial-of-service condition...

CVE-2020-14520

The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 all versions prior to 8.0.13...

Information disclosure

The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 all versions prior to 8.0.13...

CVE-2020-14520

The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 all versions prior to 8.0.13...

CVE-2020-14520

CVE-2020-14520 affects Inductive Automation Ignition 8 (all versions prior to 8.0.13). The reported vulnerability is missing authorization via an unprotected API, enabling information disclosure by issuing an HTTP request to determine if a given filesystem path exists. The ICS-CERT advisory cites...

Inductive Automation Ignition 8

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Inductive Automation Equipment: Ignition 8 Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to sensitive...

CVE-2020-12000

The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to...

Deserialization of untrusted data

The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to...

CVE-2020-12000

CVE-2020-12000 affects Inductive Automation Ignition Gateway products: Ignition 8 Gateway versions before 8.0.10 and Ignition 7 Gateway versions before 7.9.14. The issue arises from improper validation of user-supplied data, enabling deserialization of untrusted data via serialized-data handling ...

CVE-2020-10644

The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to 7.9.14, allowing an attacker to obtain sensitive information...

CVE-2020-10644

CVE-2020-10644 affects Inductive Automation Ignition Gateway; root cause is improper validation that allows deserialization of untrusted data. Affected: Ignition 8.x (prior to 8.0.10) and Ignition 7.x (prior to 7.9.14). Impact documented as sensitive information disclosure. Public references note...

Race condition

An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway versions prior to 8.0.10, causing a denial-of-service condition...

CVE-2020-10641

The CVE-2020-10641 issue affects Ignition 8 Gateway (Perspective Module) prior to 8.0.10, where an unprotected logging route can write unlimited log statements to the database, consuming disk space and causing a denial-of-service. Root cause: improper access controls allowing unauthenticated, net...

CVE-2020-10641

An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway versions prior to 8.0.10, causing a denial-of-service condition...

Inductive Automation Ignition

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Inductive Automation Equipment: Ignition 8 Gateway Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to write endless...