VYPR
Vendor

Inductiveautomation

Products
1
CVEs
35
Across products
35
Status
Private

Products

1

Recent CVEs

35
View all 35 CVEs →
  • CVE-2022-35869CriJul 25, 2022
    risk 0.69cvss 9.8epss 0.60

    This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within…

  • CVE-2022-35890CriJul 15, 2022
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.

  • CVE-2022-35871HigJul 25, 2022
    risk 0.54cvss 7.8epss 0.39

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The…

  • CVE-2022-35870HigJul 25, 2022
    risk 0.54cvss 7.8epss 0.43

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The…

  • CVE-2022-35873HigJul 25, 2022
    risk 0.51cvss 7.8epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious…

  • CVE-2022-35872HigJul 25, 2022
    risk 0.51cvss 7.8epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious…

  • CVE-2020-10641HigApr 28, 2020
    risk 0.49cvss 7.5epss 0.01

    An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a…

  • CVE-2022-36126HigJul 16, 2022
    risk 0.47cvss 7.2epss 0.02

    An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.

  • CVE-2022-1264MedJul 20, 2022
    risk 0.44cvss 6.8epss 0.01

    The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.

  • CVE-2025-13911MedDec 18, 2025
    risk 0.42cvss 6.4epss 0.00

    The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting…

  • CVE-2025-13913MedMar 12, 2026
    risk 0.41cvss 6.3epss 0.00

    A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code.

  • CVE-2023-50223May 3, 2024
    risk 0.04cvss epss 0.55

    Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required…

  • CVE-2023-50218May 3, 2024
    risk 0.04cvss epss 0.55

    Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to…

  • CVE-2023-38124May 3, 2024
    risk 0.04cvss epss 0.56

    Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is…

  • CVE-2023-39473May 3, 2024
    risk 0.02cvss epss 0.59

    Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is…

  • CVE-2023-50220May 3, 2024
    risk 0.01cvss epss 0.02

    Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to…

  • CVE-2023-50219May 3, 2024
    risk 0.01cvss epss 0.01

    Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit…

  • CVE-2023-50233May 3, 2024
    risk 0.00cvss epss 0.02

    Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this…

  • CVE-2023-50232May 3, 2024
    risk 0.00cvss epss 0.01

    Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this…

  • CVE-2023-50222May 3, 2024
    risk 0.00cvss epss 0.01

    Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is…