Lucene search
K
InductiveautomationIgnition

35 matches found

CVE
CVE
added 2015/04/03 10:0 a.m.108 views

CVE-2015-0992

CVE-2015-0992 affects Inductive Automation Ignition 7.7.2, where OPC Server credentials are stored in plaintext in the settings file, enabling local users to obtain sensitive information via unspecified vectors. The connected documents corroborate plaintext storage of credentials as the root caus...

2.1CVSS5.8AI score0.00334EPSS
CVE
CVE
added 2022/07/15 8:7 p.m.96 views

CVE-2022-35890

Inductive Automation Ignition is vulnerable to CVE-2022-35890 due to mishandled session IDs in the Designer and Vision Client. An attacker can determine past-generated session IDs and hijack sessions assigned to those IDs via Randy. Affected versions are Ignition before 7.9.20 and 8.x before 8.1....

9.8CVSS9.4AI score0.01634EPSS
CVE
CVE
added 2022/07/25 6:16 p.m.88 views

CVE-2022-35871

Inductive Automation Ignition 8.1.15 (b2022030114) is affected by CVE-2022-35871. The flaw is in the authenticateAdSso method, where lack of authentication allows executing Python code, potentially running as SYSTEM. This is a remote-exploitable issue without required authentication. Connected so...

8.1CVSS8.1AI score0.39194EPSS
CVE
CVE
added 2022/07/25 6:16 p.m.85 views

CVE-2022-35870

CVE-2022-35870 affects Inductive Automation Ignition 8.1.15 (b2022030114). The flaw is deserialization of untrusted data in com.inductiveautomation.metro.impl that can be exploited to execute code with SYSTEM privileges, bypassing authentication. Public disclosures reference ZDI-2022-1017; Red Ha...

8.8CVSS8AI score0.43103EPSS
CVE
CVE
added 2022/07/25 6:16 p.m.84 views

CVE-2022-35869

This CVE affects Inductive Automation Ignition 8.1.15 (b2022030114). The vulnerability is an authentication bypass in the gateway.web.pages component (com.inductiveautomation.ignition.gateway.web.pages) caused by lack of proper authentication prior to access to functionality. An attacker can remo...

9.8CVSS9.6AI score0.60292EPSS
CVE
CVE
added 2024/05/03 2:10 a.m.84 views

CVE-2023-39472

CVE-2023-39472 — Inductive Automation Ignition is affected through the SimpleXMLReader’s XML External Entity (XXE) handling, where a crafted XML can trigger the parser to fetch a URI and embed its contents, enabling information disclosure in the SYSTEM context. Exploitation requires authenticatio...

6.5CVSS6.2AI score0.01212EPSS
CVE
CVE
added 2022/07/25 6:17 p.m.79 views

CVE-2022-35873

CVE-2022-35873 affects Inductive Automation Ignition 8.1.15 (b2022030114). The vulnerability arises in ZIP file processing; crafted ZIP data can cause the application to execute arbitrary Python scripts, with code execution in the SYSTEM context. Exploitation requires user interaction (victim mus...

7.8CVSS7.8AI score0.00662EPSS
CVE
CVE
added 2022/07/16 6:59 p.m.78 views

CVE-2022-36126

CVE-2022-36126 affects Inductive Automation Ignition prior to 7.9.20 and 8.x prior to 8.1.17. The issue is in the ScriptInvoke function, which allows remote attackers to execute arbitrary Python code by supplying a script, leading to remote code execution with high impact on confidentiality, inte...

7.2CVSS7.3AI score0.01963EPSS
CVE
CVE
added 2022/08/05 3:25 p.m.77 views

CVE-2022-1704

CVE-2022-1704 affects Inductive Automation Ignition. The issue arises from parsing XML in the backup/restore functionality without XML security flags, enabling a potential XML External Entity (XXE) attack. Affected products/versions include: Ignition 8.1.x up to before 8.1.8, and Ignition 7.9.x b...

9.8CVSS8.7AI score0.00817EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.77 views

CVE-2023-50218

CVE-2023-50218 affects Inductive Automation Ignition, specifically the ModuleInvoke class, where unvalidated user-supplied data can be deserialized, enabling remote code execution with SYSTEM privileges. The vulnerability is network-accessible (attack vector: NETWORK) with low initial access requ...

8.8CVSS9AI score0.55031EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.75 views

CVE-2023-38121

CVE-2023-38121 affects Inductive Automation Ignition (OPC UA Quick Client). The vulnerability stems from improper validation of the id parameter in the web interface, enabling cross-site scripting that can lead to remote code execution with SYSTEM privileges. Exploitation requires user interactio...

9CVSS8.2AI score0.01062EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.73 views

CVE-2023-50220

This CVE (CVE-2023-50220) affects Inductive Automation Ignition, specifically the Base64Element class. The issue is a deserialization flaw where untrusted data can be deserialized due to insufficient validation, enabling remote code execution. Exploitation context: attacker-controlled input can r...

8.8CVSS7.5AI score0.01846EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.73 views

CVE-2023-50221

CVE-2023-50221 affects Inductive Automation Ignition: the deserialization flaw in the ResponseParser’s SerializedResponse allows remote code execution. The issue stems from insufficient validation of untrusted data, enabling code execution in the attacker’s context after a target connects to a ma...

8.8CVSS8.9AI score0.01145EPSS
CVE
CVE
added 2024/05/03 2:10 a.m.71 views

CVE-2023-39473

The CVE-2023-39473 entry concerns Inductive Automation Ignition's AbstractGatewayFunction deserialization vulnerability. The flaw stems from insufficient validation of user-supplied data, enabling deserialization of untrusted input and remote code execution. Exploitation requires authentication a...

8.8CVSS9.1AI score0.58828EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.71 views

CVE-2023-50232

CVE-2023-50232 exposes a remote code execution in Inductive Automation Ignition via a getParams argument injection. The flaw stems from insufficient validation of a user-supplied string used to form a system-call argument, allowing code execution in the context of the current user. Exploitation r...

8.8CVSS9AI score0.01386EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.70 views

CVE-2023-50233

CVE-2023-50233 concerns Inductive Automation Ignition, specifically the getJavaExecutable directory traversal vulnerability. The flaw stems from inadequate validation of a user-supplied path before performing file operations, enabling an attacker to execute arbitrary code in the context of the cu...

8.8CVSS8.9AI score0.02081EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.68 views

CVE-2023-38122

CVE-2023-38122 affects Inductive Automation Ignition OPC UA Quick Client. The flaw is in the web server configuration, arising from missing Content Security Policy headers, enabling a cross-domain policy that can lead to remote code execution. Authentication is required to exploit, but the authen...

7.2CVSS7.5AI score0.01484EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.68 views

CVE-2023-50222

CVE-2023-50222 concerns Inductive Automation Ignition’s ResponseParser Notification: deserialization of untrusted data enables remote code execution. The flaw stems from insufficient validation of user-supplied data in the ResponseParser method, allowing an attacker to execute code in the context...

8.8CVSS8.9AI score0.01145EPSS
CVE
CVE
added 2022/07/25 6:16 p.m.67 views

CVE-2022-35872

CVE-2022-35872 affects Inductive Automation Ignition 8.1.15 (b2022030114). The issue is in the ZIP file parsing logic where untrusted data is deserialized due to inadequate validation, enabling remote code execution with SYSTEM privileges. Exploitation requires user interaction (target visits a m...

7.8CVSS7.8AI score0.00652EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.67 views

CVE-2023-38123

Inductive Automation Ignition OPC UA Quick Client contains an authentication bypass in the server configuration that controls access to password-change functionality. The vulnerability allows remote attackers to bypass authentication after the user visits a malicious page or opens a malicious fil...

8.8CVSS7.7AI score0.01132EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.67 views

CVE-2023-50219

CVE-2023-50219 affects Inductive Automation Ignition, specifically the RunQuery deserialization pathway. The flaw permits deserialization of untrusted data due to inadequate validation in the RunQuery class, enabling remote code execution with SYSTEM privileges. Authentication is required to expl...

8.8CVSS9AI score0.01501EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.66 views

CVE-2023-38124

CVE-2023-38124 affects Inductive Automation Ignition Gateway/OPC UA Quick Client Task Scheduling. The flaw stems from exposing a dangerous function in the Ignition Gateway server, allowing remote attackers to execute code with SYSTEM privileges after authenticating. Documents consistently describ...

8.8CVSS7.5AI score0.5582EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.66 views

CVE-2023-50223

Inductive Automation Ignition is affected. The ExtendedDocumentCodec deserialization flaw stems from inadequate validation of untrusted input, enabling remote code execution with SYSTEM privileges. Authentication is required to exploit. No explicit patch/version details are provided here; refer t...

8.8CVSS9AI score0.55177EPSS
CVE
CVE
added 2024/05/03 2:10 a.m.65 views

CVE-2023-39477

This CVE (CVE-2023-39477) affects Inductive Automation Ignition. The flaw lies in how OPC UA ConditionRefresh requests are handled, allowing an unauthenticated attacker to generate a denial-of-service condition by sending a large volume of requests, potentially exhausting server resources. The vu...

7.5CVSS7.5AI score0.0141EPSS
CVE
CVE
added 2024/05/03 2:10 a.m.64 views

CVE-2023-39476

CVE-2023-39476 affects Inductive Automation Ignition via the JavaSerializationCodec deserialization of untrusted data. The flaw is that user-supplied data is not properly validated, enabling an attacker to deserialize untrusted data and execute code in the context of SYSTEM. Exploitation requires...

9.8CVSS9.8AI score0.01784EPSS
CVE
CVE
added 2015/04/03 10:0 a.m.63 views

CVE-2015-0976

CVE-2015-0976 is an XSS vulnerability in Inductive Automation Ignition 7.7.2. The issue stems from improper neutralization of input in web page generation, with the server reflecting HTTP request data back in the HTTP response, enabling remote attackers to inject arbitrary script. Several connect...

4.3CVSS5.7AI score0.01141EPSS
CVE
CVE
added 2015/04/03 10:0 a.m.61 views

CVE-2015-0994

In Inductive Automation Ignition, CVE-2015-0994 impacts Ignition 7.7.2, where remote authenticated users can bypass the built-in brute-force protection by manipulating session ID values across a sequence of HTTP requests. The underlying issue involves session handling and credentials management t...

4CVSS6.3AI score0.01336EPSS
CVE
CVE
added 2015/04/03 10:0 a.m.61 views

CVE-2015-0995

Summary: CVE-2015-0995 affects Inductive Automation Ignition 7.7.2, which uses MD5 password hashes. The root cause is the use of MD5 for storing passwords, enabling context-dependent attackers to gain access via brute-forcing. The vulnerability is described as exploitable remotely in several sour...

5CVSS6.6AI score0.01116EPSS
CVE
CVE
added 2024/05/03 2:10 a.m.61 views

CVE-2023-39475

CVE-2023-39475 affects Inductive Automation Ignition through the ParameterVersionJavaSerializationCodec deserialization of untrusted data. The root cause is lack of validation of user-supplied data in this class, allowing a remote attacker to execute arbitrary code in the context of SYSTEM withou...

9.8CVSS9.8AI score0.03147EPSS
CVE
CVE
added 2015/04/03 10:0 a.m.60 views

CVE-2015-0993

Inductive Automation Ignition 7.7.2 is affected by CVE-2015-0993, where sessions are not terminated on logout, allowing a remote attacker to bypass access controls via an unattended workstation. Connected sources confirm Ignition is vulnerable in 7.7.x (notably

6.4CVSS9.1AI score0.02266EPSS
CVE
CVE
added 2024/05/03 2:10 a.m.60 views

CVE-2023-39474

CVE-2023-39474 (Inductive Automation Ignition) affects the Ignition platform, specifically the downloadLaunchClientJar function. The flaw is due to loading a remote JAR without validating it, enabling a remote attacker to execute arbitrary code in the context of the current user. Exploitation req...

8.8CVSS8.2AI score0.00544EPSS
CVE
CVE
added 2015/04/03 10:0 a.m.59 views

CVE-2015-0991

CVE-2015-0991 affects Inductive Automation Ignition 7.7.2. The vulnerability is an information disclosure where remote attackers can obtain sensitive data by reading an error message about an unhandled exception, potentially revealing pathname information. The NVD entry lists a CVSS v2 base score...

5CVSS6.2AI score0.01359EPSS
CVE
CVE
added 2022/04/01 10:17 p.m.58 views

CVE-2020-14479

CVE-2020-14479 affects Inductive Automation Ignition (Gateway) with a vulnerability described as missing authentication for a critical function, leading to information disclosure via serialized data handling. Affected products include Ignition Gateway versions prior to 7.9.14 (7.x line) and prior...

5.3CVSS5.6AI score0.00851EPSS
CVE
CVE
added 2022/07/20 3:34 p.m.55 views

CVE-2022-1264

Path traversal vulnerability CVE-2022-1264 affects Inductive Automation Ignition. An attacker with network access to the Ignition web configuration could run arbitrary code. Affected products: Ignition all 8.0 versions after 8.0.4, and all 8.1 versions prior to 8.1.10. MITIGATIONS: upgrade to Ign...

8.8CVSS7.7AI score0.00818EPSS
CVE
CVE
added 2026/03/12 6:17 p.m.24 views

CVE-2025-13913

The CVE-2025-13913 entry concerns Inductive Automation Ignition software deserialization of untrusted data. A privileged Ignition user importing a specially crafted external file can trigger execution of embedded malicious code, due to deserialization of the crafted payload in the imported file. ...

6.8CVSS5.8AI score0.00345EPSS