CVE-2020-14479
Published 2022-04-01
CVE-2020-14479: Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the…
Priority: P4 · 27 · medium · 5.3 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.85% (53.6th percentile)
Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inductive_automation | ignition_7_gateway | >= All < 7.9.14 | 7.9.14 |
| inductive_automation | ignition_8_gateway | >= All < 8.0.10 | 8.0.10 |
| inductiveautomation | ignition | >= 7.0.0 < 7.9.14 | 7.9.14 |
| inductiveautomation | ignition | 8.0.1 – 8.0.10 | — |
CVSS provenance
- nvd · v3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
GHSA
GHSA-vgmg-2c72-8q95: Sensitive information can be obtained through the handling of serialized data
ghsa_unreviewed·2022-04-03
CVE-2020-14479 [MEDIUM] CWE-306 GHSA-vgmg-2c72-8q95: Sensitive information can be obtained through the handling of serialized data
Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server
CISA ICS
Inductive Automation Ignition (Update B)
cisa_ics·2020-06-02·CVSS 7.5
[HIGH] Inductive Automation Ignition (Update B)
ICS Advisory
## Inductive Automation Ignition (Update B)
Last Revised: July 14, 2020
Alert Code: ICSA-20-147-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Inductive Automation
- Equipment: Ignition
- Vulnerabilities: Missing Authentication for Critical Function, Deserialization of Untrusted Data
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-147-01 Inductive Automation Ignition (Update A) that was published June 2, 2020, on the ICS webpage on us-cert.gov.
## 3. RISK EVALUA
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.