Inductiveautomation Ignition vulnerabilities

CVE-2023-39475 [CRITICAL] CWE-502 CVE-2023-39475: Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Da Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw

CVE-2023-38121 [CRITICAL] CWE-79 CVE-2023-38121: Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnera Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open

CVE-2023-39476 [CRITICAL] CWE-502 CVE-2023-39476: Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code E Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within t

CVE-2023-50222 [HIGH] CWE-502 CVE-2023-50222: Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote C Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a

CVE-2023-50233 [HIGH] CWE-22 CVE-2023-50233: Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerabil Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The s

CVE-2023-38123 [HIGH] CWE-306 CVE-2023-38123: Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authe Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a ma

CVE-2023-50223 [HIGH] CWE-502 CVE-2023-50223: Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Ex Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Extend

CVE-2023-38122 [HIGH] CWE-942 CVE-2023-38122: Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Executi Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism c

CVE-2023-50221 [HIGH] CWE-502 CVE-2023-50221: Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Re Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connec

CVE-2023-50220 [HIGH] CWE-502 CVE-2023-50220: Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Base64Element c

CVE-2023-50232 [HIGH] CWE-88 CVE-2023-50232: Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific f

CVE-2023-39477 [HIGH] CWE-400 CVE-2023-39477: Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of

CVE-2023-50218 [HIGH] CWE-502 CVE-2023-50218: Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution V Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the ModuleInvoke cl

CVE-2023-39473 [HIGH] CWE-502 CVE-2023-39473: Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Abstr

CVE-2023-50219 [HIGH] CWE-502 CVE-2023-50219: Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulne Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the RunQuery class. The

CVE-2023-39474 [HIGH] CWE-494 CVE-2023-39474: Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vuln Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw

CVE-2023-38124 [HIGH] CWE-749 CVE-2023-38124: Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the

CVE-2023-39472 [MEDIUM] CWE-611 CVE-2023-39472: Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Simpl

CVE-2022-1704 [CRITICAL] CWE-611 CVE-2022-1704: Due to an XML external entity reference, the software parses XML in the backup/restore functionality Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup.

CVE-2022-35869 [CRITICAL] CWE-288 CVE-2022-35869: This vulnerability allows remote attackers to bypass authentication on affected installations of Ind This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authenticati