CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2024/05/03 2:14 a.m.•58 views

CVE-2023-50220

This CVE (CVE-2023-50220) affects Inductive Automation Ignition, specifically the Base64Element class. The issue is a deserialization flaw where untrusted data can be deserialized due to insufficient validation, enabling remote code execution. Exploitation context: attacker-controlled input can r...

8.8CVSS7.5AI score0.07077EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/05/03 2:14 a.m.•17 views

CVE-2023-50219 Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability

8.8CVSS9.2AI score0.0891EPSS

Cvelist•added 2024/05/03 2:14 a.m.•18 views

CVE-2023-50218 Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

8.8CVSS9.2AI score0.48962EPSS

Vulnrichment•added 2024/05/03 2:14 a.m.•22 views

CVE-2023-50218 Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability

8.8CVSS8AI score0.48962EPSS

CVE•added 2024/05/03 2:10 a.m.•51 views

CVE-2023-39476

CVE-2023-39476 affects Inductive Automation Ignition via the JavaSerializationCodec deserialization of untrusted data. The flaw is that user-supplied data is not properly validated, enabling an attacker to deserialize untrusted data and execute code in the context of SYSTEM. Exploitation requires...

9.8CVSS9.8AI score0.02148EPSS

Vulnrichment•added 2024/05/03 2:10 a.m.•11 views

CVE-2023-39477 Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability

Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this...

7.5CVSS6.7AI score0.00337EPSS

Cvelist•added 2024/05/03 2:10 a.m.•17 views

CVE-2023-39476 Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit th...

9.8CVSS10AI score0.02148EPSS

CVE•added 2024/05/03 2:10 a.m.•54 views

CVE-2023-39477

This CVE (CVE-2023-39477) affects Inductive Automation Ignition. The flaw lies in how OPC UA ConditionRefresh requests are handled, allowing an unauthenticated attacker to generate a denial-of-service condition by sending a large volume of requests, potentially exhausting server resources. The vu...

7.5CVSS7.5AI score0.00337EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/05/03 2:10 a.m.•7 views

CVE-2023-39476 Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability

9.8CVSS8.2AI score0.02148EPSS

Cvelist•added 2024/05/03 2:10 a.m.•13 views

CVE-2023-39477 Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability

7.5CVSS7.7AI score0.00337EPSS

Vulnrichment•added 2024/05/03 2:10 a.m.•14 views

CVE-2023-39475 Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not requir...

9.8CVSS8.2AI score0.02854EPSS

CVE•added 2024/05/03 2:10 a.m.•48 views

CVE-2023-39475

CVE-2023-39475 affects Inductive Automation Ignition through the ParameterVersionJavaSerializationCodec deserialization of untrusted data. The root cause is lack of validation of user-supplied data in this class, allowing a remote attacker to execute arbitrary code in the context of SYSTEM withou...

9.8CVSS9.8AI score0.02854EPSS

Cvelist•added 2024/05/03 2:10 a.m.•14 views

CVE-2023-39475 Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability

9.8CVSS10AI score0.02854EPSS

Cvelist•added 2024/05/03 2:10 a.m.•14 views

CVE-2023-39474 Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability

Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target...

8CVSS8.4AI score0.01051EPSS

Vulnrichment•added 2024/05/03 2:10 a.m.•18 views

CVE-2023-39474 Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability

8CVSS8.2AI score0.01051EPSS

CVE•added 2024/05/03 2:10 a.m.•50 views

CVE-2023-39474

CVE-2023-39474 (Inductive Automation Ignition) affects the Ignition platform, specifically the downloadLaunchClientJar function. The flaw is due to loading a remote JAR without validating it, enabling a remote attacker to execute arbitrary code in the context of the current user. Exploitation req...

8.8CVSS8.2AI score0.01051EPSS

CVE•added 2024/05/03 2:10 a.m.•59 views

CVE-2023-39473

The CVE-2023-39473 entry concerns Inductive Automation Ignition's AbstractGatewayFunction deserialization vulnerability. The flaw stems from insufficient validation of user-supplied data, enabling deserialization of untrusted input and remote code execution. Exploitation requires authentication a...

8.8CVSS9.1AI score0.29897EPSS

CVE•added 2024/05/03 2:10 a.m.•71 views

CVE-2023-39472

CVE-2023-39472 — Inductive Automation Ignition is affected through the SimpleXMLReader’s XML External Entity (XXE) handling, where a crafted XML can trigger the parser to fetch a URI and embed its contents, enabling information disclosure in the SYSTEM context. Exploitation requires authenticatio...

6.5CVSS6.2AI score0.00534EPSS

Vulnrichment•added 2024/05/03 2:10 a.m.•14 views

CVE-2023-39473 Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

8.8CVSS9.1AI score0.29897EPSS