7 matches found
CVE-2022-35890
Inductive Automation Ignition is vulnerable to CVE-2022-35890 due to mishandled session IDs in the Designer and Vision Client. An attacker can determine past-generated session IDs and hijack sessions assigned to those IDs via Randy. Affected versions are Ignition before 7.9.20 and 8.x before 8.1....
CVE-2022-36126
CVE-2022-36126 affects Inductive Automation Ignition prior to 7.9.20 and 8.x prior to 8.1.17. The issue is in the ScriptInvoke function, which allows remote attackers to execute arbitrary Python code by supplying a script, leading to remote code execution with high impact on confidentiality, inte...
CVE-2023-38121
CVE-2023-38121 affects Inductive Automation Ignition (OPC UA Quick Client). The vulnerability stems from improper validation of the id parameter in the web interface, enabling cross-site scripting that can lead to remote code execution with SYSTEM privileges. Exploitation requires user interactio...
CVE-2023-38123
Inductive Automation Ignition OPC UA Quick Client contains an authentication bypass in the server configuration that controls access to password-change functionality. The vulnerability allows remote attackers to bypass authentication after the user visits a malicious page or opens a malicious fil...
CVE-2023-38122
CVE-2023-38122 affects Inductive Automation Ignition OPC UA Quick Client. The flaw is in the web server configuration, arising from missing Content Security Policy headers, enabling a cross-domain policy that can lead to remote code execution. Authentication is required to exploit, but the authen...
CVE-2023-38124
CVE-2023-38124 affects Inductive Automation Ignition Gateway/OPC UA Quick Client Task Scheduling. The flaw stems from exposing a dangerous function in the Ignition Gateway server, allowing remote attackers to execute code with SYSTEM privileges after authenticating. Documents consistently describ...
CVE-2025-13913
The CVE-2025-13913 entry concerns Inductive Automation Ignition software deserialization of untrusted data. A privileged Ignition user importing a specially crafted external file can trigger execution of embedded malicious code, due to deserialization of the crafted payload in the imported file. ...