Inductive Automation Ignition vulnerabilities
26 known vulnerabilities affecting inductive_automation/ignition.
Total CVEs: 26
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 5, HIGH 19, MEDIUM 2
Vulnerabilities
Page 2 of 2
CVE-2022-1704 | P3 | CRITICAL | CVSS 9.8 | ≥ 8.1, ≤ 8.1.7; ≥ All, < 7.9.21 | 2022-08-05
CVE-2022-1704 [CRITICAL] CWE-611 CVE-2022-1704: Due to an XML external entity reference, the software parses XML in the backup/restore functionality
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to an XXE attack while restoring the backup.
nvd
CVE-2023-39477 | P3 | HIGH | CVSS 7.5 | v8.1.24 | 2024-05-03
CVE-2023-39477 [HIGH] CWE-400 CVE-2023-39477: Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability.
Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of
nvd
CVE-2023-39472 | P3 | MEDIUM | CVSS 6.5 | v8.1.17 LTS | 2024-05-03
CVE-2023-39472 [MEDIUM] CWE-611 CVE-2023-39472: Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.
The specific flaw exists within the Simpl
nvd
CVE-2022-35872 | P3 | HIGH | CVSS 7.8 | v8.1.15 (b2022030114) | 2022-07-25
CVE-2022-35872 [HIGH] CWE-502 CVE-2022-35872: This vulnerability allows remote attackers to execute arbitrary code on affected installations of In
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue res
nvd
CVE-2022-35873 | P3 | HIGH | CVSS 7.8 | v8.1.15 (b2022030114) | 2022-07-25
CVE-2022-35873 [HIGH] CWE-356 CVE-2022-35873: This vulnerability allows remote attackers to execute arbitrary code on affected installations of In
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted da
nvd
CVE-2025-13911 | P4 | MEDIUM | CVSS 6.4 | v8.1.x, v8.3.x | 2025-12-18
CVE-2025-13911 [MEDIUM] CWE-250 CVE-2025-13911: The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automa
The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issue lies in the Ignition service account having system pe
nvd