Vulnerabilities > Inductiveautomation > Ignition Gateway > 7.3.7

DATE CVE VULNERABILITY TITLE RISK
2020-06-09 CVE-2020-12004 Missing Authentication for Critical Function vulnerability in Inductiveautomation Ignition Gateway
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
network
low complexity
inductiveautomation CWE-306
7.5
7.5
2020-06-09 CVE-2020-12000 Deserialization of Untrusted Data vulnerability in Inductiveautomation Ignition Gateway
The affected product is vulnerable to the handling of serialized data.
network
low complexity
inductiveautomation CWE-502
7.5
7.5
2020-06-09 CVE-2020-10644 Deserialization of Untrusted Data vulnerability in Inductiveautomation Ignition Gateway
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
network
low complexity
inductiveautomation CWE-502
7.5
7.5