Page 4 of 21 results (0.003 seconds)

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. Inductive Automation Ignition 7.7.2 permite a usuarios remotos autenticados evadir un mecanismo de protección de fuerza bruta mediante el uso de valores de identificadores de sesión diferentes en una serie de solicitudes HTTP. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-254: 7PK - Security Features •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Inductive Automation Ignition 7.7.2 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. Inductive Automation Ignition 7.7.2 no termina una sesión al iniciar una acción de cierre de sesión, lo que permite a atacantes remotos evadir las restricciones de acceso mediante el aprovechamiento de una estación de trabajo desatendida. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-254: 7PK - Security Features •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. Inductive Automation Ignition 7.7.2 utiliza hashes de contraseñas MD5, lo que facilita a atacantes dependientes de contexto obtener el acceso a través de un ataque de fuerza bruta. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-255: Credentials Management Errors •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. Inductive Automation Ignition 7.7.2 almacena las credenciales del servidor OPC en texto claro, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •