Critical severity9.8NVD Advisory· Published Jul 15, 2022· Updated Jun 17, 2026
CVE-2022-35890
CVE-2022-35890
Description
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.
Affected products
3- Inductive Automation/Ignitiondescription
- Range: <7.9.20, <8.1.17
Patches
Vulnerability mechanics
References
1- support.inductiveautomation.com/hc/en-us/articles/7625759776653nvdVendor Advisory
News mentions
0No linked articles in our index yet.