5 matches found
CVE-2022-35890
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.
CVE-2022-1704
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to an XXE attack while restoring the backup.
CVE-2022-36126
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.
CVE-2022-1264
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.
CVE-2020-14479
Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server.