Vendor CVEs
Inductiveautomation
All CVEs
35 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-35869 |  | Cri | 0.69 | 9.8 | 0.60 |  | Jul 25, 2022 | This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within… |
| CVE-2022-35890 |  | Cri | 0.64 | 9.8 | 0.02 |  | Jul 15, 2022 | An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy. |
| CVE-2022-35871 |  | Hig | 0.54 | 7.8 | 0.39 |  | Jul 25, 2022 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The… |
| CVE-2022-35870 |  | Hig | 0.54 | 7.8 | 0.43 |  | Jul 25, 2022 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The… |
| CVE-2022-35873 |  | Hig | 0.51 | 7.8 | 0.01 |  | Jul 25, 2022 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious… |
| CVE-2022-35872 |  | Hig | 0.51 | 7.8 | 0.01 |  | Jul 25, 2022 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious… |
| CVE-2020-10641 |  | Hig | 0.49 | 7.5 | 0.01 |  | Apr 28, 2020 | An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a… |
| CVE-2022-36126 |  | Hig | 0.47 | 7.2 | 0.02 |  | Jul 16, 2022 | An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script. |
| CVE-2022-1264 |  | Med | 0.44 | 6.8 | 0.01 |  | Jul 20, 2022 | The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code. |
| CVE-2025-13911 |  | Med | 0.42 | 6.4 | 0.00 |  | Dec 18, 2025 | The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting… |
| CVE-2025-13913 |  | Med | 0.41 | 6.3 | 0.00 |  | Mar 12, 2026 | A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code. |
| CVE-2023-50223 |  |  | 0.04 | — | 0.55 |  | May 3, 2024 | Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required… |
| CVE-2023-50218 |  |  | 0.04 | — | 0.55 |  | May 3, 2024 | Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to… |
| CVE-2023-38124 |  |  | 0.04 | — | 0.56 |  | May 3, 2024 | Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is… |
| CVE-2023-39473 |  |  | 0.02 | — | 0.59 |  | May 3, 2024 | Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is… |
| CVE-2023-50220 |  |  | 0.01 | — | 0.02 |  | May 3, 2024 | Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to… |
| CVE-2023-50219 |  |  | 0.01 | — | 0.01 |  | May 3, 2024 | Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit… |
| CVE-2023-50233 |  |  | 0.00 | — | 0.02 |  | May 3, 2024 | Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this… |
| CVE-2023-50232 |  |  | 0.00 | — | 0.01 |  | May 3, 2024 | Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this… |
| CVE-2023-50222 |  |  | 0.00 | — | 0.01 |  | May 3, 2024 | Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is… |
| CVE-2023-50221 |  |  | 0.00 | — | 0.01 |  | May 3, 2024 | Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User… |
| CVE-2023-39477 |  |  | 0.00 | — | 0.01 |  | May 3, 2024 | Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to… |
| CVE-2023-39476 |  |  | 0.00 | — | 0.02 |  | May 3, 2024 | Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not… |
| CVE-2023-39475 |  |  | 0.00 | — | 0.03 |  | May 3, 2024 | Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition.… |
| CVE-2023-39474 |  |  | 0.00 | — | 0.01 |  | May 3, 2024 | Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability… |
| CVE-2023-39472 |  |  | 0.00 | — | 0.01 |  | May 3, 2024 | Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required… |
| CVE-2023-38123 |  |  | 0.00 | — | 0.01 |  | May 3, 2024 | Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is… |
| CVE-2023-38122 |  |  | 0.00 | — | 0.01 |  | May 3, 2024 | Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is… |
| CVE-2023-38121 |  |  | 0.00 | — | 0.01 |  | May 3, 2024 | Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit… |
| CVE-2015-0995 |  |  | 0.00 | — | 0.01 |  | Apr 3, 2015 | Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. |
| CVE-2015-0994 |  |  | 0.00 | — | 0.01 |  | Apr 3, 2015 | Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. |
| CVE-2015-0993 |  |  | 0.00 | — | 0.02 |  | Apr 3, 2015 | Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. |
| CVE-2015-0992 |  |  | 0.00 | — | 0.00 |  | Apr 3, 2015 | Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. |
| CVE-2015-0991 |  |  | 0.00 | — | 0.01 |  | Apr 3, 2015 | Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. |
| CVE-2015-0976 |  |  | 0.00 | — | 0.01 |  | Apr 3, 2015 | Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |