Lucene search
K
InductiveautomationIgnition*

7 matches found

CVE
CVE
added 2022/07/15 8:7 p.m.97 views

CVE-2022-35890

Inductive Automation Ignition is vulnerable to CVE-2022-35890 due to mishandled session IDs in the Designer and Vision Client. An attacker can determine past-generated session IDs and hijack sessions assigned to those IDs via Randy. Affected versions are Ignition before 7.9.20 and 8.x before 8.1....

9.8CVSS9.4AI score0.01955EPSS
CVE
CVE
added 2022/07/16 6:59 p.m.78 views

CVE-2022-36126

CVE-2022-36126 affects Inductive Automation Ignition prior to 7.9.20 and 8.x prior to 8.1.17. The issue is in the ScriptInvoke function, which allows remote attackers to execute arbitrary Python code by supplying a script, leading to remote code execution with high impact on confidentiality, inte...

7.2CVSS7.3AI score0.02485EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.77 views

CVE-2023-38121

CVE-2023-38121 affects Inductive Automation Ignition (OPC UA Quick Client). The vulnerability stems from improper validation of the id parameter in the web interface, enabling cross-site scripting that can lead to remote code execution with SYSTEM privileges. Exploitation requires user interactio...

9CVSS8.2AI score0.01062EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.70 views

CVE-2023-38123

Inductive Automation Ignition OPC UA Quick Client contains an authentication bypass in the server configuration that controls access to password-change functionality. The vulnerability allows remote attackers to bypass authentication after the user visits a malicious page or opens a malicious fil...

8.8CVSS7.7AI score0.01132EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.68 views

CVE-2023-38122

CVE-2023-38122 affects Inductive Automation Ignition OPC UA Quick Client. The flaw is in the web server configuration, arising from missing Content Security Policy headers, enabling a cross-domain policy that can lead to remote code execution. Authentication is required to exploit, but the authen...

7.2CVSS7.5AI score0.01484EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.66 views

CVE-2023-38124

CVE-2023-38124 affects Inductive Automation Ignition Gateway/OPC UA Quick Client Task Scheduling. The flaw stems from exposing a dangerous function in the Ignition Gateway server, allowing remote attackers to execute code with SYSTEM privileges after authenticating. Documents consistently describ...

8.8CVSS7.5AI score0.5582EPSS
CVE
CVE
added 2026/03/12 6:17 p.m.28 views

CVE-2025-13913

The CVE-2025-13913 entry concerns Inductive Automation Ignition software deserialization of untrusted data. A privileged Ignition user importing a specially crafted external file can trigger execution of embedded malicious code, due to deserialization of the crafted payload in the imported file. ...

6.8CVSS5.8AI score0.00345EPSS