Lucene search

InductiveautomationIgnition

10 matches found

CVE
•added 2022/07/15 9:15 p.m.•74 views

CVE-2022-35890

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.

CVSS 9.8, AI score 9.4, EPSS 0.00991
CVE
•added 2022/07/25 7:15 p.m.•67 views

CVE-2022-35871

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from th...

CVSS 8.1, AI score 8.1, EPSS 0.16908
CVE
•added 2022/07/25 7:15 p.m.•64 views

CVE-2022-35870

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists wi...

CVSS 8.8, AI score 8, EPSS 0.10186
CVE
•added 2022/08/05 4:15 p.m.•62 views

CVE-2022-1704

Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to an XXE attack while restoring the backup.

CVSS 9.8, AI score 8.7, EPSS 0.00038
CVE
•added 2022/07/25 7:15 p.m.•59 views

CVE-2022-35869

This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The ...

CVSS 9.8, AI score 9.6, EPSS 0.00801
CVE
•added 2022/07/16 7:15 p.m.•54 views

CVE-2022-36126

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.

CVSS 7.2, AI score 7.3, EPSS 0.03866
CVE
•added 2022/07/25 7:15 p.m.•50 views

CVE-2022-35873

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS 7.8, AI score 7.8, EPSS 0.01852
CVE
•added 2022/07/25 7:15 p.m.•49 views

CVE-2022-35872

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS 7.8, AI score 7.8, EPSS 0.02503
CVE
•added 2022/07/20 4:15 p.m.•41 views

CVE-2022-1264

The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.

CVSS 8.8, AI score 7.7, EPSS 0.00265
CVE
•added 2022/04/01 11:15 p.m.•40 views

CVE-2020-14479

Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server.

CVSS 5.3, AI score 5.6, EPSS 0.00139