CVSS: 8.3 • EPSS: 3% • CPEs: 2 • EXPL: 1 • CVE-2022-36126
https://notcve.org/view.php?id=CVE-2022-36126
16 Jul 2022 — An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script. • https://github.com/sourceincite/randy • CWE-863: Incorrect Authorization
CVSS: 10.0 • EPSS: 1% • CPEs: 2 • EXPL: 1 • CVE-2022-35890
https://notcve.org/view.php?id=CVE-2022-35890
15 Jul 2022 — An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy. • https://github.com/sourceincite/randy • CWE-863: Incorrect Authorization
CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2020-14479 – ICSA-20-147-01 Inductive Automation Ignition (Update B)
https://notcve.org/view.php?id=CVE-2020-14479
01 Apr 2022 — Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server. • https://www.cisa.gov/uscert/ics/advisories/icsa-20-147-01 • CWE-306: Missing Authentication for Critical Function
CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2015-0993
https://notcve.org/view.php?id=CVE-2015-0993
03 Apr 2015 — Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-254: 7PK - Security Features
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2015-0992
https://notcve.org/view.php?id=CVE-2015-0992
03 Apr 2015 — Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2015-0994
https://notcve.org/view.php?id=CVE-2015-0994
03 Apr 2015 — Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-254: 7PK - Security Features
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2015-0995
https://notcve.org/view.php?id=CVE-2015-0995
03 Apr 2015 — Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-255: Credentials Management Errors
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2015-0976
https://notcve.org/view.php?id=CVE-2015-0976
03 Apr 2015 — Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2015-0991
https://notcve.org/view.php?id=CVE-2015-0991
03 Apr 2015 — Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. • https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
