Inductiveautomation

Ignition

35 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2022-35873

  • EPSS 0.5%
  • Veröffentlicht 25.07.2022 19:15:47
  • Zuletzt bearbeitet 21.11.2024 07:11:51

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8

CVE-2022-35872

  • EPSS 0.95%
  • Veröffentlicht 25.07.2022 19:15:46
  • Zuletzt bearbeitet 21.11.2024 07:11:51

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8

CVE-2022-35871

  • EPSS 25.2%
  • Veröffentlicht 25.07.2022 19:15:45
  • Zuletzt bearbeitet 21.11.2024 07:11:50

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the au...

7.8

CVE-2022-35870

  • EPSS 19.37%
  • Veröffentlicht 25.07.2022 19:15:44
  • Zuletzt bearbeitet 21.11.2024 07:11:50

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mecha...

9.8

CVE-2022-35869

  • EPSS 2.56%
  • Veröffentlicht 25.07.2022 19:15:44
  • Zuletzt bearbeitet 21.11.2024 07:11:50

This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.ind...

8.8

CVE-2022-1264

  • EPSS 0.4%
  • Veröffentlicht 20.07.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:22

The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.

7.2

CVE-2022-36126

Exploit
  • EPSS 3.87%
  • Veröffentlicht 16.07.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 07:12:27

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.

9.8

CVE-2022-35890

Exploit
  • EPSS 0.99%
  • Veröffentlicht 15.07.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:11:53

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assig...

5.3

CVE-2020-14479

  • EPSS 0.15%
  • Veröffentlicht 01.04.2022 23:15:08
  • Zuletzt bearbeitet 21.11.2024 05:03:21

Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server

5

CVE-2015-0995

  • EPSS 0.27%
  • Veröffentlicht 03.04.2015 10:59:17
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack.