Vulnerabilities > Inductiveautomation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-01 | CVE-2020-14479 | Missing Authentication for Critical Function vulnerability in Inductiveautomation Ignition 7.7.2 Sensitive information can be obtained through the handling of serialized data. | 5.0 |
| 2020-07-31 | CVE-2020-14520 | Missing Authorization vulnerability in Inductiveautomation Ignition Gateway The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13). | 5.0 |
| 2020-06-09 | CVE-2020-12004 | Missing Authentication for Critical Function vulnerability in Inductiveautomation Ignition Gateway The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. | 5.0 |
| 2020-06-09 | CVE-2020-12000 | Deserialization of Untrusted Data vulnerability in Inductiveautomation Ignition Gateway The affected product is vulnerable to the handling of serialized data. | 7.5 |
| 2020-06-09 | CVE-2020-10644 | Deserialization of Untrusted Data vulnerability in Inductiveautomation Ignition Gateway The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. | 5.0 |
| 2020-04-28 | CVE-2020-10641 | Missing Authentication for Critical Function vulnerability in Inductiveautomation Ignition Gateway An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. | 5.0 |
| 2015-04-03 | CVE-2015-0995 | Credentials Management vulnerability in Inductiveautomation Ignition 7.7.2 Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. | 5.0 |
| 2015-04-03 | CVE-2015-0994 | 7PK - Security Features vulnerability in Inductiveautomation Ignition 7.7.2 Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. | 4.0 |
| 2015-04-03 | CVE-2015-0993 | 7PK - Security Features vulnerability in Inductiveautomation Ignition 7.7.2 Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | 6.4 |
| 2015-04-03 | CVE-2015-0992 | Information Exposure vulnerability in Inductiveautomation Ignition 7.7.2 Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. | 2.1 |