Lucene search
Nguyễn Tiến Giang (Jang) of STAR Labs SG Pte. Ltd.ZDI-23-1049HistoryAug 08, 2023 - 12:00 a.m.
(0Day) Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability
2023-08-0800:00:00
Nguyễn Tiến Giang (Jang) of STAR Labs SG Pte. Ltd.
www.zerodayinitiative.com
10
inductive automation ignition
downloadlaunchclientjar
remote code execution
vulnerability
user interaction
malicious server
jar file
current user
0.001 Low
EPSS
Percentile
29.0%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the downloadLaunchClientJar function. The issue results from the lack of validating a remote JAR file prior to loading it. An attacker can leverage this vulnerability to execute code in the context of the current user.
Related
nvd
nvd
CVE-2023-39474
2024-05-03 03:15:13
cve
cve
CVE-2023-39474
2024-05-03 03:15:13
vulnrichment
vulnrichment
cvelist
cvelist