Ignition
CVEs (35)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-50221 | 0.00 | — | 0.01 | May 3, 2024 | Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User… | |||
| CVE-2023-39477 | 0.00 | — | 0.01 | May 3, 2024 | Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to… | |||
| CVE-2023-39476 | 0.00 | — | 0.02 | May 3, 2024 | Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not… | |||
| CVE-2023-39475 | 0.00 | — | 0.03 | May 3, 2024 | Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition.… | |||
| CVE-2023-39474 | 0.00 | — | 0.01 | May 3, 2024 | Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability… | |||
| CVE-2023-39472 | 0.00 | — | 0.01 | May 3, 2024 | Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required… | |||
| CVE-2023-38123 | 0.00 | — | 0.01 | May 3, 2024 | Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is… | |||
| CVE-2023-38122 | 0.00 | — | 0.01 | May 3, 2024 | Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is… | |||
| CVE-2023-38121 | 0.00 | — | 0.01 | May 3, 2024 | Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit… | |||
| CVE-2015-0995 | 0.00 | — | 0.01 | Apr 3, 2015 | Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. | |||
| CVE-2015-0994 | 0.00 | — | 0.01 | Apr 3, 2015 | Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. | |||
| CVE-2015-0993 | 0.00 | — | 0.02 | Apr 3, 2015 | Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||
| CVE-2015-0992 | 0.00 | — | 0.00 | Apr 3, 2015 | Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-0991 | 0.00 | — | 0.01 | Apr 3, 2015 | Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. | |||
| CVE-2015-0976 | 0.00 | — | 0.01 | Apr 3, 2015 | Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
- CVE-2023-50221May 3, 2024risk 0.00cvss —epss 0.01
Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User…
- CVE-2023-39477May 3, 2024risk 0.00cvss —epss 0.01
Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to…
- CVE-2023-39476May 3, 2024risk 0.00cvss —epss 0.02
Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not…
- CVE-2023-39475May 3, 2024risk 0.00cvss —epss 0.03
Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition.…
- CVE-2023-39474May 3, 2024risk 0.00cvss —epss 0.01
Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability…
- CVE-2023-39472May 3, 2024risk 0.00cvss —epss 0.01
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required…
- CVE-2023-38123May 3, 2024risk 0.00cvss —epss 0.01
Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is…
- CVE-2023-38122May 3, 2024risk 0.00cvss —epss 0.01
Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is…
- CVE-2023-38121May 3, 2024risk 0.00cvss —epss 0.01
Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit…
- CVE-2015-0995Apr 3, 2015risk 0.00cvss —epss 0.01
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack.
- CVE-2015-0994Apr 3, 2015risk 0.00cvss —epss 0.01
Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests.
- CVE-2015-0993Apr 3, 2015risk 0.00cvss —epss 0.02
Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
- CVE-2015-0992Apr 3, 2015risk 0.00cvss —epss 0.00
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors.
- CVE-2015-0991Apr 3, 2015risk 0.00cvss —epss 0.01
Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information.
- CVE-2015-0976Apr 3, 2015risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Page 2 of 2