Vulnerabilities > CVE-2020-14520 - Missing Authorization vulnerability in Inductiveautomation Ignition Gateway

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

inductiveautomation

CWE-862

NVD

Published: 2020-07-31

Updated: 2020-08-11

Summary

The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13).

Vulnerable Configurations

Part	Description	Count
Application	Inductiveautomation Inductiveautomation Ignition Gateway 8.0 Inductiveautomation Ignition Gateway 8.0.1 Inductiveautomation Ignition Gateway 8.0.2 Inductiveautomation Ignition Gateway 8.0.3 Inductiveautomation Ignition Gateway 8.0.4 Inductiveautomation Ignition Gateway 8.0.5 Inductiveautomation Ignition Gateway 8.0.6 Inductiveautomation Ignition Gateway 8.0.7 Inductiveautomation Ignition Gateway 8.0.8 Inductiveautomation Ignition Gateway 8.0.9 Inductiveautomation Ignition Gateway 8.0.10 Inductiveautomation Ignition Gateway 8.0.11 Inductiveautomation Ignition Gateway 8.0.12	13

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01