CVE-2015-0993
published 2015-04-03CVE-2015-0993: Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by…
PriorityP338medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EPSS
2.27%
80.8th percentile
Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inductiveautomation | ignition | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vjx9-qrpm-m3rw: Inductive Automation Ignition 7
ghsa_unreviewed·2022-05-17
CVE-2015-0993 [MEDIUM] GHSA-vjx9-qrpm-m3rw: Inductive Automation Ignition 7
Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
Project0
Déjà vu-lnerability - Project Zero
project_zero·2021-02-01
CVE-2014-9665 Déjà vu-lnerability - Project Zero
A Year in Review of 0-days Exploited In-The-Wild in 2020
Posted by Maddie Stone, Project Zero
2020 was a year full of 0-day exploits. Many of the Internet’s most popular browsers had their moment in the spotlight. Memory corruption is still the name of the game and how the vast majority of detected 0-days are getting in. While we tried new methods of 0-day detection with modest success, 2020 showed us that there is still a long way to go in detecting these 0-day exploits in-the-wild. But what may be the most notable fact is that 25% of the 0-days detected in 2020 are closely related to previously publicly disclosed vulnerabilities. In other words, 1 out of every 4 detected 0-day exploits could potentially have been avoided if a more thorough investigation and patching effort were explor
CISA ICS
Inductive Automation Ignition Vulnerabilities
cisa_ics·2018-08-27
Inductive Automation Ignition Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Inductive Automation Ignition Vulnerabilities
Last RevisedAugust 27, 2018
Alert CodeICSA-15-090-01
## OVERVIEW
Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai of Positive Technologies have identified several vulnerabilities in Inductive Automation’s Ignition Software. Inductive Automation has produced a patch that mitigates these vulnerabilities.
These vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following Inductive Automation product is affected:
- Inductive Automation Ignition 7.7.2
## IMPACT
Impact to individual organizations depe
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-04-03
Published