Inductiveautomation

Ignition

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-1704

  • EPSS 0.82%
  • Veröffentlicht 05.08.2022 16:15:11
  • Zuletzt bearbeitet 21.11.2024 06:41:17

Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup.

7.8

CVE-2022-35873

  • EPSS 0.64%
  • Veröffentlicht 25.07.2022 19:15:47
  • Zuletzt bearbeitet 21.11.2024 07:11:51

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8

CVE-2022-35872

  • EPSS 0.63%
  • Veröffentlicht 25.07.2022 19:15:46
  • Zuletzt bearbeitet 21.11.2024 07:11:51

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8

CVE-2022-35871

  • EPSS 39.19%
  • Veröffentlicht 25.07.2022 19:15:45
  • Zuletzt bearbeitet 21.11.2024 07:11:50

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the au...

7.8

CVE-2022-35870

  • EPSS 43.1%
  • Veröffentlicht 25.07.2022 19:15:44
  • Zuletzt bearbeitet 21.11.2024 07:11:50

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mecha...

9.8

CVE-2022-35869

  • EPSS 60.29%
  • Veröffentlicht 25.07.2022 19:15:44
  • Zuletzt bearbeitet 21.11.2024 07:11:50

This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.ind...

8.8

CVE-2022-1264

  • EPSS 0.82%
  • Veröffentlicht 20.07.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:22

The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.

7.2

CVE-2022-36126

Exploit
  • EPSS 1.96%
  • Veröffentlicht 16.07.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 07:12:27

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.

9.8

CVE-2022-35890

Exploit
  • EPSS 1.63%
  • Veröffentlicht 15.07.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:11:53

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assig...

5.3

CVE-2020-14479

  • EPSS 0.85%
  • Veröffentlicht 01.04.2022 23:15:08
  • Zuletzt bearbeitet 21.11.2024 05:03:21

Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server