CVE-2015-0992
https://notcve.org/view.php?id=CVE-2015-0992
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. Inductive Automation Ignition 7.7.2 almacena las credenciales del servidor OPC en texto claro, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-0991
https://notcve.org/view.php?id=CVE-2015-0991
Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. Inductive Automation Ignition 7.7.2 permite a atacantes remotos obtener información sensible mediante la lectura de un mensaje de error sobre una excepción no manejado, tal y como fue demostrado por la información de nombres de rutas. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-4426 – Ignition 1.2 - Multiple Local File Inclusions
https://notcve.org/view.php?id=CVE-2009-4426
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the blog parameter to (1) comment.php and (2) view.php. Múltiples vulnerabilidades de salto de directorio en Ignition v1.2, cuando está deshabilitado magic_quotes_gpc, permite a atacantes remotos incluir y ejecutar ficheros de su elección mediante los caracteres .. (punto punto) en el parámetro "blog" en (1) comment.php y (2) view.php. • https://www.exploit-db.com/exploits/10569 http://osvdb.org/61225 http://osvdb.org/61226 http://packetstormsecurity.org/0912-exploits/ignition-lfi.txt http://secunia.com/advisories/37836 http://www.exploit-db.com/exploits/10569 https://exchange.xforce.ibmcloud.com/vulnerabilities/54940 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •