Vulnerabilities > Inductiveautomation

DATE CVE VULNERABILITY TITLE RISK
2022-08-05 CVE-2022-1704 Unspecified vulnerability in Inductiveautomation Ignition
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup.
network
low complexity
inductiveautomation
critical
9.8
2022-07-25 CVE-2022-35869 Unspecified vulnerability in Inductiveautomation Ignition 8.1.15
This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114).
network
low complexity
inductiveautomation
critical
9.8
2022-07-25 CVE-2022-35870 Deserialization of Untrusted Data vulnerability in Inductiveautomation Ignition 8.1.15
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114).
local
low complexity
inductiveautomation CWE-502
7.8
2022-07-25 CVE-2022-35871 Unspecified vulnerability in Inductiveautomation Ignition 8.1.15
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114).
local
low complexity
inductiveautomation
7.8
2022-07-25 CVE-2022-35872 Unspecified vulnerability in Inductiveautomation Ignition 8.1.15
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114).
local
low complexity
inductiveautomation
7.8
2022-07-25 CVE-2022-35873 Unspecified vulnerability in Inductiveautomation Ignition 8.1.15
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114).
local
low complexity
inductiveautomation
7.8
2022-07-20 CVE-2022-1264 Unspecified vulnerability in Inductiveautomation Ignition
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.
network
low complexity
inductiveautomation
8.8
2022-07-16 CVE-2022-36126 Incorrect Authorization vulnerability in Inductiveautomation Ignition
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17.
network
low complexity
inductiveautomation CWE-863
7.2
2022-07-15 CVE-2022-35890 Incorrect Authorization vulnerability in Inductiveautomation Ignition
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17.
network
low complexity
inductiveautomation CWE-863
critical
9.8
2022-04-01 CVE-2020-14479 Missing Authentication for Critical Function vulnerability in Inductiveautomation Ignition
Sensitive information can be obtained through the handling of serialized data.
network
low complexity
inductiveautomation CWE-306
5.3