Ignition Security Vulnerabilities and Issues — Ignition CVE List

Lucene search

InductiveautomationIgnition

8 matches found

CVE•added 2022/07/15 9:15 p.m.•74 views

CVE-2022-35890

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.

9.8CVSS9.4AI score0.00991EPSS

CVE•added 2022/07/25 7:15 p.m.•67 views

CVE-2022-35871

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from th...

8.1CVSS8.1AI score0.10931EPSS

CVE•added 2022/07/25 7:15 p.m.•64 views

CVE-2022-35870

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists wi...

8.8CVSS8AI score0.19374EPSS

CVE•added 2022/07/25 7:15 p.m.•59 views

CVE-2022-35869

This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The ...

9.8CVSS9.6AI score0.02561EPSS

CVE•added 2022/07/16 7:15 p.m.•54 views

CVE-2022-36126

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.

7.2CVSS7.3AI score0.03866EPSS

CVE•added 2022/07/25 7:15 p.m.•50 views

CVE-2022-35873

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

7.8CVSS7.8AI score0.00495EPSS

CVE•added 2022/07/25 7:15 p.m.•49 views

CVE-2022-35872

7.8CVSS7.8AI score0.00945EPSS

CVE•added 2022/07/20 4:15 p.m.•41 views

CVE-2022-1264

The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.

8.8CVSS7.7AI score0.00265EPSS