Ignition Security Vulnerabilities and Issues — Ignition CVE List

Lucene search

InductiveautomationIgnition

6 matches found

CVE•added 2015/04/03 10:59 a.m.•91 views

CVE-2015-0992

Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors.

2.1CVSS5.8AI score0.00058EPSS

CVE•added 2015/04/03 10:59 a.m.•45 views

CVE-2015-0994

Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests.

4CVSS6.3AI score0.00135EPSS

CVE•added 2015/04/03 10:59 a.m.•45 views

CVE-2015-0995

Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack.

5CVSS6.6AI score0.00199EPSS

CVE•added 2015/04/03 10:59 a.m.•43 views

CVE-2015-0993

Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

6.4CVSS9.1AI score0.00201EPSS

CVE•added 2015/04/03 10:59 a.m.•42 views

CVE-2015-0976

Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00394EPSS

CVE•added 2015/04/03 10:59 a.m.•42 views

CVE-2015-0991

Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information.

5CVSS6.2AI score0.00392EPSS