Inductive Automation Ignition vulnerabilities
26 known vulnerabilities affecting inductive_automation/ignition.
Total CVEs: 26
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 20, MEDIUM 1
Vulnerabilities
Page 2 of 2
CVE-2022-35869 | CRITICAL | CVSS 9.8 | CWE-288 | v8.1.15 (b2022030114) | 2022-07-25
This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authenticati
Sources: cvelistv5, nvd
CVE-2022-35872 | HIGH | CVSS 7.8 | CWE-502 | v8.1.15 (b2022030114) | 2022-07-25
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue res
Sources: cvelistv5, nvd
CVE-2022-35870 | HIGH | CVSS 7.8 | CWE-502 | v8.1.15 (b2022030114) | 2022-07-25
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue res
Sources: cvelistv5, nvd
CVE-2022-35873 | HIGH | CVSS 7.8 | CWE-356 | v8.1.15 (b2022030114) | 2022-07-25
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted da
Sources: cvelistv5, nvd
CVE-2022-35871 | HIGH | CVSS 7.8 | CWE-306 | v8.1.15 (b2022030114) | 2022-07-25
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the executi
Sources: cvelistv5, nvd
CVE-2022-1264 | HIGH | CVSS 8.8 | CWE-22 | vAll 8.1 versions 8.1.10≥ 8.0.4, < All 8.0 versions* | 2022-07-20
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.
Sources: cvelistv5, nvd