CVE-2022-1264 — Path Traversal in Automation Ignition

CWE-22 — Path Traversal20 documents5 sources

Severity

8.8HIGHNVD

CNA6.8

EPSS

0.4%

top 39.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Inductive Automation Ignition Inductiveautomation Ignition

Timeline

PublishedJul 20

Latest updateOct 25

Description

The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDinductiveautomation/ignition8.0.4 — 8.1.10

▶CVEListV5inductive_automation/ignition8.0.4 — All 8.0 versions*+1

🔴Vulnerability Details

GHSA

Gin-vue-admin subject to Remote Code Execution via file upload vulnerability↗2022-10-25

▶

GHSA

GHSA-q2p6-q4x9-rcrf: The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code↗2022-07-21

▶

CVEList

Inductive Automation Ignition↗2022-07-20

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2022-2480 Use after free in Service Worker API↗2022-07-12

▶

Microsoft

Chromium: CVE-2022-2478 Use after free in PDF↗2022-07-12

▶

Microsoft

Chromium: CVE-2022-2481 Use after free in Views↗2022-07-12

▶

Microsoft

Chromium: CVE-2022-2479 Insufficient validation of untrusted input in File↗2022-07-12

▶

Microsoft

Chromium: CVE-2022-2477 Use after free in Guest View↗2022-07-12

▶