Inductive Automation

All CVEs

35 total · sorted by risk
  • CVE-2022-35869 · Critical · Jul 25, 2022
    risk 0.69 · cvss 9.8 · epss 0.60

    This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within…

  • CVE-2022-35890 · Critical · Jul 15, 2022
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.

  • CVE-2022-35871 · High · Jul 25, 2022
    risk 0.54 · cvss 7.8 · epss 0.39

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The…

  • CVE-2022-35870 · High · Jul 25, 2022
    risk 0.54 · cvss 7.8 · epss 0.43

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The…

  • CVE-2022-35873 · High · Jul 25, 2022
    risk 0.51 · cvss 7.8 · epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious…

  • CVE-2022-35872 · High · Jul 25, 2022
    risk 0.51 · cvss 7.8 · epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious…

  • CVE-2020-10641 · High · Apr 28, 2020
    risk 0.49 · cvss 7.5 · epss 0.01

    An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a…

  • CVE-2022-36126 · High · Jul 16, 2022
    risk 0.47 · cvss 7.2 · epss 0.02

    An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.

  • CVE-2022-1264 · Medium · Jul 20, 2022
    risk 0.44 · cvss 6.8 · epss 0.01

    The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.

  • CVE-2025-13911 · Medium · Dec 18, 2025
    risk 0.42 · cvss 6.4 · epss 0.00

    The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting…

  • CVE-2025-13913 · Medium · Mar 12, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code.

  • CVE-2023-50223 · May 3, 2024
    risk 0.04 · cvss · epss 0.55

    Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required…

  • CVE-2023-50218 · May 3, 2024
    risk 0.04 · cvss · epss 0.55

    Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to…

  • CVE-2023-38124 · May 3, 2024
    risk 0.04 · cvss · epss 0.56

    Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is…

  • CVE-2023-39473 · May 3, 2024
    risk 0.02 · cvss · epss 0.59

    Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is…

  • CVE-2023-50220 · May 3, 2024
    risk 0.01 · cvss · epss 0.02

    Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to…

  • CVE-2023-50219 · May 3, 2024
    risk 0.01 · cvss · epss 0.01

    Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit…

  • CVE-2023-50233 · May 3, 2024
    risk 0.00 · cvss · epss 0.02

    Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this…

  • CVE-2023-50232 · May 3, 2024
    risk 0.00 · cvss · epss 0.01

    Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this…

  • CVE-2023-50222 · May 3, 2024
    risk 0.00 · cvss · epss 0.01

    Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is…

  • CVE-2023-50221 · May 3, 2024
    risk 0.00 · cvss · epss 0.01

    Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User…

  • CVE-2023-39477 · May 3, 2024
    risk 0.00 · cvss · epss 0.01

    Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to…

  • CVE-2023-39476 · May 3, 2024
    risk 0.00 · cvss · epss 0.02

    Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not…

  • CVE-2023-39475 · May 3, 2024
    risk 0.00 · cvss · epss 0.03

    Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition.…

  • CVE-2023-39474 · May 3, 2024
    risk 0.00 · cvss · epss 0.01

    Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability…

  • CVE-2023-39472 · May 3, 2024
    risk 0.00 · cvss · epss 0.01

    Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required…

  • CVE-2023-38123 · May 3, 2024
    risk 0.00 · cvss · epss 0.01

    Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is…

  • CVE-2023-38122 · May 3, 2024
    risk 0.00 · cvss · epss 0.01

    Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is…

  • CVE-2023-38121 · May 3, 2024
    risk 0.00 · cvss · epss 0.01

    Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit…

  • CVE-2015-0995 · Apr 3, 2015
    risk 0.00 · cvss · epss 0.01

    Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack.

  • CVE-2015-0994 · Apr 3, 2015
    risk 0.00 · cvss · epss 0.01

    Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests.

  • CVE-2015-0993 · Apr 3, 2015
    risk 0.00 · cvss · epss 0.02

    Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

  • CVE-2015-0992 · Apr 3, 2015
    risk 0.00 · cvss · epss 0.00

    Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors.

  • CVE-2015-0991 · Apr 3, 2015
    risk 0.00 · cvss · epss 0.01

    Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information.

  • CVE-2015-0976 · Apr 3, 2015
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.