Inductiveautomation Ignition Gateway vulnerabilities
5 known vulnerabilities affecting inductiveautomation/ignition_gateway.
Total CVEs
5
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH5
Vulnerabilities
Page 1 of 1
CVE-2020-10644P2HIGHCVSS 7.5PoC≥ 7.2.4.48, < 7.9.14≥ 8.0, < 8.0.102020-06-09
CVE-2020-10644 [HIGH] CWE-502 CVE-2020-10644: The affected product lacks proper validation of user-supplied data, which can result in deserializat
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
nvd
CVE-2020-12004P2HIGHCVSS 7.5PoC≥ 7.2.4.48, < 7.9.14≥ 8.0, < 8.0.102020-06-09
CVE-2020-12004 [HIGH] CWE-306 CVE-2020-12004: The affected product lacks proper authentication required to query the server on the Ignition 8 Gate
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
nvd
CVE-2020-12000P3HIGHCVSS 7.5≥ 7.2.4.48, < 7.9.14≥ 8.0, < 8.0.102020-06-09
CVE-2020-12000 [HIGH] CWE-502 CVE-2020-12000: The affected product is vulnerable to the handling of serialized data. The issue results from the la
The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive informa
nvd
CVE-2020-10641P3HIGHCVSS 7.5≥ 8.0, < 8.0.102020-04-28
CVE-2020-10641 [HIGH] CWE-284 CVE-2020-10641: An unprotected logging route may allow an attacker to write endless log statements into the database
An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition.
nvd
CVE-2020-14520P3HIGHCVSS 7.5≥ 8.0, < 8.0.132020-07-31
CVE-2020-14520 [HIGH] CWE-862 CVE-2020-14520: The affected product is vulnerable to an information leak, which may allow an attacker to obtain sen
The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13).
nvd