Vulnerabilities > CVE-2022-36126 - Incorrect Authorization vulnerability in Inductiveautomation Ignition

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
inductiveautomation
CWE-863
NVD
Published: 2022-07-16
Updated: 2022-07-22

Summary

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.

Vulnerable Configurations

Part Description Count
Application
Inductiveautomation
92

Common Weakness Enumeration (CWE)

References