cbcvebase.

Inductive Automation Ignition vulnerabilities

26 known vulnerabilities affecting inductive_automation/ignition.

Total CVEs
26
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL5HIGH19MEDIUM2

Vulnerabilities

Page 1 of 2
CVE-2022-35871P1HIGHCVSS 7.8Exploitedv8.1.15 (b2022030114)2022-07-25
CVE-2022-35871 [HIGH] CWE-306 CVE-2022-35871: This vulnerability allows remote attackers to execute arbitrary code on affected installations of In This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the executi
nvd
CVE-2022-35869P1CRITICALCVSS 9.8v8.1.15 (b2022030114)2022-07-25
CVE-2022-35869 [CRITICAL] CWE-288 CVE-2022-35869: This vulnerability allows remote attackers to bypass authentication on affected installations of Ind This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authenticati
nvd
CVE-2023-38124P1HIGHCVSS 8.8v8.1.242024-05-03
CVE-2023-38124 [HIGH] CWE-749 CVE-2023-38124: Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the
nvd
CVE-2023-39473P2HIGHCVSS 8.8vInductive Automation Ignition 8.1.17 LTS2024-05-03
CVE-2023-39473 [HIGH] CWE-502 CVE-2023-39473: Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Abstr
nvd
CVE-2023-50218P2HIGHCVSS 8.8v8.1.302024-05-03
CVE-2023-50218 [HIGH] CWE-502 CVE-2023-50218: Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution V Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the ModuleInvoke cl
nvd
CVE-2023-50223P2HIGHCVSS 8.8v6.4.1.2072024-05-03
CVE-2023-50223 [HIGH] CWE-502 CVE-2023-50223: Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Ex Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Extend
nvd
CVE-2023-39475P2CRITICALCVSS 9.8v8.1.252024-05-03
CVE-2023-39475 [CRITICAL] CWE-502 CVE-2023-39475: Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Da Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw
nvd
CVE-2023-39476P2CRITICALCVSS 9.8v8.1.252024-05-03
CVE-2023-39476 [CRITICAL] CWE-502 CVE-2023-39476: Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code E Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within t
nvd
CVE-2023-50220P2HIGHCVSS 8.8v8.1.302024-05-03
CVE-2023-50220 [HIGH] CWE-502 CVE-2023-50220: Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Base64Element c
nvd
CVE-2022-35870P3HIGHCVSS 7.8v8.1.15 (b2022030114)2022-07-25
CVE-2022-35870 [HIGH] CWE-502 CVE-2022-35870: This vulnerability allows remote attackers to execute arbitrary code on affected installations of In This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue res
nvd
CVE-2023-50219P2HIGHCVSS 8.8v8.1.302024-05-03
CVE-2023-50219 [HIGH] CWE-502 CVE-2023-50219: Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulne Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the RunQuery class. The
nvd
CVE-2023-50233P2HIGHCVSS 8.8v8.1.312024-05-03
CVE-2023-50233 [HIGH] CWE-22 CVE-2023-50233: Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerabil Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The s
nvd
CVE-2023-50232P3HIGHCVSS 8.8v8.1.312024-05-03
CVE-2023-50232 [HIGH] CWE-88 CVE-2023-50232: Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific f
nvd
CVE-2023-50222P3HIGHCVSS 8.8v8.1.312024-05-03
CVE-2023-50222 [HIGH] CWE-502 CVE-2023-50222: Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote C Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a
nvd
CVE-2023-50221P3HIGHCVSS 8.8v8.1.312024-05-03
CVE-2023-50221 [HIGH] CWE-502 CVE-2023-50221: Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Re Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connec
nvd
CVE-2023-38123P3HIGHCVSS 8.8v8.1.242024-05-03
CVE-2023-38123 [HIGH] CWE-306 CVE-2023-38123: Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authe Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a ma
nvd
CVE-2022-1264P3HIGHCVSS 8.8vAll 8.1 versions 8.1.10≥ 8.0.4, < All 8.0 versions*2022-07-20
CVE-2022-1264 [HIGH] CWE-22 CVE-2022-1264: The affected product may allow an attacker with access to the Ignition web configuration to run arbi The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.
nvd
CVE-2023-38122P3HIGHCVSS 7.2v8.1.242024-05-03
CVE-2023-38122 [HIGH] CWE-942 CVE-2023-38122: Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Executi Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism c
nvd
CVE-2023-39474P3HIGHCVSS 8.8v8.1.24-RC / 1.1.24-RC2024-05-03
CVE-2023-39474 [HIGH] CWE-494 CVE-2023-39474: Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vuln Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw
nvd
CVE-2023-38121P3CRITICALCVSS 9.0v8.1.242024-05-03
CVE-2023-38121 [CRITICAL] CWE-79 CVE-2023-38121: Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnera Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open
nvd
Inductive Automation Ignition vulnerabilities | cvebase