Search
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1264 | 1 Inductiveautomation | 1 Ignition | 2022-07-27 | N/A | 8.8 HIGH |
| The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code. | |||||
| CVE-2022-36126 | 1 Inductiveautomation | 1 Ignition | 2022-07-22 | N/A | 7.2 HIGH |
| An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script. | |||||
| CVE-2022-35890 | 1 Inductiveautomation | 1 Ignition | 2022-07-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy. | |||||
| CVE-2015-0994 | 1 Inductiveautomation | 1 Ignition | 2015-04-03 | 4.0 MEDIUM | N/A |
| Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. | |||||
| CVE-2015-0995 | 1 Inductiveautomation | 1 Ignition | 2015-04-03 | 5.0 MEDIUM | N/A |
| Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. | |||||
| CVE-2015-0993 | 1 Inductiveautomation | 1 Ignition | 2015-04-03 | 6.4 MEDIUM | N/A |
| Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||||
| CVE-2015-0992 | 1 Inductiveautomation | 1 Ignition | 2015-04-03 | 2.1 LOW | N/A |
| Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-0991 | 1 Inductiveautomation | 1 Ignition | 2015-04-03 | 5.0 MEDIUM | N/A |
| Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. | |||||
| CVE-2015-0976 | 1 Inductiveautomation | 1 Ignition | 2015-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||