cvebase

Inductiveautomation Ignition vulnerabilities

36 known vulnerabilities affecting inductiveautomation/ignition.

Total CVEs: 36
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 6, HIGH 20, MEDIUM 9, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2022-36126 | P3 | HIGH | CVSS 7.2 | fixed in 7.9.20; ≥ 8.0.1, < 8.1.17 | 2022-07-16
CWE-863. An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.
Source: nvd
CVE-2022-35890 | P3 | CRITICAL | CVSS 9.8 | fixed in 7.9.20; ≥ 8.0.1, < 8.1.17 | 2022-07-15
CWE-863. An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.
Source: nvd
CVE-2022-1704 | P3 | CRITICAL | CVSS 9.8 | ≥ 7.9.0, < 7.9.21; ≥ 8.1.0, < 8.1.8 | 2022-08-05
CWE-611. Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to an XXE attack while restoring the backup.
Source: nvd
CVE-2023-39477 | P3 | HIGH | CVSS 7.5 | ≥ 8.1.0, < 8.1.33 | 2024-05-03
CWE-400. Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of
Source: nvd
CVE-2023-39472 | P3 | MEDIUM | CVSS 6.5 | ≥ 8.1.0, < 8.1.32 | 2024-05-03
CWE-611. Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Simpl
Source: nvd
CVE-2022-35872 | P3 | HIGH | CVSS 7.8 | v8.1.15 | 2022-07-25
CWE-502. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue res
Source: nvd
CVE-2022-35873 | P3 | HIGH | CVSS 7.8 | v8.1.15 | 2022-07-25
CWE-356. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted da
Source: nvd
CVE-2015-0993 | P3 | MEDIUM | CVSS 6.4 | v7.7.2 | 2015-04-03
CWE-254. Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
Source: nvd
CVE-2022-1706 | P3 | MEDIUM | CVSS 6.5 | ≥ 0, < 2.14.0+ds1-1 | 2022-05-17
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround
Source: osv
CVE-2025-13913 | P4 | MEDIUM | CVSS 6.8 | fixed in 8.3.0 | 2026-03-12
CWE-502. A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code.
Source: nvd
CVE-2020-14479 | P4 | MEDIUM | CVSS 5.3 | ≥ 7.0.0, < 7.9.14; ≥ 8.0.1, ≤ 8.0.10 | 2022-04-01
CWE-306. Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server
Source: nvd
CVE-2015-0995 | P4 | MEDIUM | CVSS 5.0 | v7.7.2 | 2015-04-03
CWE-255. Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack.
Source: nvd
CVE-2015-0994 | P4 | MEDIUM | CVSS 4.0 | v7.7.2 | 2015-04-03
CWE-254. Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests.
Source: nvd
CVE-2015-0976 | P4 | MEDIUM | CVSS 4.3 | v7.7.2 | 2015-04-03
CWE-79. Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: nvd
CVE-2015-0991 | P4 | MEDIUM | CVSS 5.0 | v7.7.2 | 2015-04-03
CWE-200. Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information.
Source: nvd
CVE-2015-0992 | P4 | LOW | CVSS 2.1 | v7.7.2 | 2015-04-03
CWE-200. Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors.
Source: nvd