299 matches found
CVE-2015-0993
Inductive Automation Ignition 7.7.2 is affected by CVE-2015-0993, where sessions are not terminated on logout, allowing a remote attacker to bypass access controls via an unattended workstation. Connected sources confirm Ignition is vulnerable in 7.7.x (notably
CVE-2015-0995
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack...
CVE-2015-0995
Summary: CVE-2015-0995 affects Inductive Automation Ignition 7.7.2, which uses MD5 password hashes. The root cause is the use of MD5 for storing passwords, enabling context-dependent attackers to gain access via brute-forcing. The vulnerability is described as exploitable remotely in several sour...
CVE-2015-0991
Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information...
CVE-2015-0976
CVE-2015-0976 is an XSS vulnerability in Inductive Automation Ignition 7.7.2. The issue stems from improper neutralization of input in web page generation, with the server reflecting HTTP request data back in the HTTP response, enabling remote attackers to inject arbitrary script. Several connect...
CVE-2015-0991
CVE-2015-0991 affects Inductive Automation Ignition 7.7.2. The vulnerability is an information disclosure where remote attackers can obtain sensitive data by reading an error message about an unhandled exception, potentially revealing pathname information. The NVD entry lists a CVSS v2 base score...
KLA10535 Multiple vulnerabilities in Inductive Automation Ignition
Multiple serious vulnerabilities have been found in Inductive Automation Ignition. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or inject arbitrary code. Below is a complete list of vulnerabilities 1. Improper passwords handling c...
Inductive Automation Ignition Information Disclosure Vulnerability (CNVD-2015-02154)
Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Inductive Automation Ignition suffers from an information disclosure vulnerability that could be exploited by an attacker to gain access to sensitive information...
Inductive Automation Ignition Brute Force Vulnerability
Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Ignition has a security vulnerability in its use of the MD5 hash algorithm, which can lead to brute force attacks on database storage accounts...
Inductive Automation Ignition Information Disclosure Vulnerability (CNVD-2015-02155)
Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Ignition stores the OPC Server username and password in plaintext in the settings file, which can be utilized by an attacker to obtain sensitive information...
Inductive Automation Ignition Invalid Session Expires Vulnerability
Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Ignition does not delete the session after the user logs out, which can allow an attacker to reuse the current session...
Inductive Automation Ignition Cross-Site Scripting Vulnerability
Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Ignition has a security vulnerability that can be exploited by an attacker to execute malicious content in a vulnerable web application. The server reads data directly from the HTTP request and th...
Inductive Automation Ignition Security Bypass Vulnerability
Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. A security vulnerability exists in the Ignition brute force attack blocking mechanism, which can be bypassed by an attacker by setting the session ID parameter in the HTTP request...
PT-2015-04: JNLP File Inclusion in Inductive Automation Ignition
The specialists of the Positive Research center have detected a JNLP File Inclusion vulnerability in Inductive Automation Ignition. Any symbols added to a user's web request for starting the Java applet are included in the JNLP file, in the field indicating the applet to be executed. By manipulating this...
PT-2015-06: Information Disclosure in Inductive Automation Ignition
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in Inductive Automation Ignition. The OPC Server username and password are stored in clear text. How to fix: Update your software to the latest version. Advisory status: 12.02.2015 - Vendor gets...
PT-2015-05: Information Disclosure in Inductive Automation Ignition
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in Inductive Automation Ignition. This page contains an error/warning message that may disclose sensitive information. The message can also contain the location of the file that produced the...
PT-2015-08: Bypass Anti-Bruteforce Mechanism in Inductive Automation Ignition
The specialists of the Positive Research center have detected a Bypass Anti-Bruteforce Mechanism vulnerability in Inductive Automation Ignition. The mechanism for blocking bruteforce attacks could be bypassed by resetting the session ID parameter in the HTTP request. The mechanism blocking bruteforce...
Inductive Automation Ignition Vulnerabilities
OVERVIEW Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai of Positive Technologies have identified several vulnerabilities in Inductive Automation’s Ignition Software. Inductive Automation has produced a patch that mitigates these vulnerabilities. These vulnerabilities could be...
Inductive Automation Ignition Information Disclosure Vulnerability
Overview ICS-CERT has received a report from Rubén Santamarta concerning a vulnerability in Inductive Automation’s Ignition software. Ignition is an updated version of FactoryPMI Plant Management Interface, offered by Inductive Automation. This vulnerability allows unauthorized users to download...