Vulnerabilites related to Inductive Automation - Ignition
var-201504-0065
Vulnerability from variot
Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. Inductive Automation Ignition The brute force ( Brute force attack ) A vulnerability exists that bypasses the protection mechanism. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. Ignition prevents security attacks from violent attacks. An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0065",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ignition",
"scope": "eq",
"trust": 1.6,
"vendor": "inductiveautomation",
"version": "7.7.2"
},
{
"model": "automation ignition",
"scope": "eq",
"trust": 0.9,
"vendor": "inductive",
"version": "7.7.2"
},
{
"model": "ignition",
"scope": "eq",
"trust": 0.8,
"vendor": "inductive automation",
"version": "7.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ignition",
"version": "7.7.2"
}
],
"sources": [
{
"db": "IVD",
"id": "98e7af6e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02157"
},
{
"db": "BID",
"id": "73473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002073"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-055"
},
{
"db": "NVD",
"id": "CVE-2015-0994"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:inductiveautomation:ignition",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002073"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai of Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "73473"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0994",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2015-0994",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2015-02157",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "98e7af6e-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0994",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-0994",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-02157",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-055",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "98e7af6e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0994",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "98e7af6e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02157"
},
{
"db": "VULMON",
"id": "CVE-2015-0994"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002073"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-055"
},
{
"db": "NVD",
"id": "CVE-2015-0994"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. Inductive Automation Ignition The brute force ( Brute force attack ) A vulnerability exists that bypasses the protection mechanism. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. Ignition prevents security attacks from violent attacks. \nAn attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0994"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002073"
},
{
"db": "CNVD",
"id": "CNVD-2015-02157"
},
{
"db": "BID",
"id": "73473"
},
{
"db": "IVD",
"id": "98e7af6e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2015-0994"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0994",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-090-01",
"trust": 3.4
},
{
"db": "CNVD",
"id": "CNVD-2015-02157",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-055",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002073",
"trust": 0.8
},
{
"db": "BID",
"id": "73473",
"trust": 0.4
},
{
"db": "IVD",
"id": "98E7AF6E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2015-0994",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "98e7af6e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02157"
},
{
"db": "VULMON",
"id": "CVE-2015-0994"
},
{
"db": "BID",
"id": "73473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002073"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-055"
},
{
"db": "NVD",
"id": "CVE-2015-0994"
}
]
},
"id": "VAR-201504-0065",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "98e7af6e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02157"
}
],
"trust": 1.53125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "98e7af6e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02157"
}
]
},
"last_update_date": "2024-11-23T21:44:19.704000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Downloads",
"trust": 0.8,
"url": "https://www.inductiveautomation.com/downloads/ignition"
},
{
"title": "Inductive Automation Ignition security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/56894"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02157"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002073"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002073"
},
{
"db": "NVD",
"id": "CVE-2015-0994"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-090-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0994"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0994"
},
{
"trust": 0.3,
"url": "https://www.inductiveautomation.com/downloads/ignition"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/254.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/73473"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02157"
},
{
"db": "VULMON",
"id": "CVE-2015-0994"
},
{
"db": "BID",
"id": "73473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002073"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-055"
},
{
"db": "NVD",
"id": "CVE-2015-0994"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "98e7af6e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02157"
},
{
"db": "VULMON",
"id": "CVE-2015-0994"
},
{
"db": "BID",
"id": "73473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002073"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-055"
},
{
"db": "NVD",
"id": "CVE-2015-0994"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "IVD",
"id": "98e7af6e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02157"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0994"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73473"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002073"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-055"
},
{
"date": "2015-04-03T10:59:16.363000",
"db": "NVD",
"id": "CVE-2015-0994"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02157"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0994"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73473"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002073"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-055"
},
{
"date": "2024-11-21T02:24:06.087000",
"db": "NVD",
"id": "CVE-2015-0994"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-055"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inductive Automation Ignition Security Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "98e7af6e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02157"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access Validation Error",
"sources": [
{
"db": "BID",
"id": "73473"
}
],
"trust": 0.3
}
}
var-202006-0006
Vulnerability from variot
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. Ignition Is Inductive Automation Industrial software provided by. Ignition Is vulnerable to several vulnerabilities: * Lack of authentication for important features (CWE-306) - CVE-2020-12004, CVE-2020-14479 * Deserialize untrusted data (CWE-502) - CVE-2020-10644, CVE-2020-12000The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information is stolen by a remote third party because authentication is not performed when requesting a query to the server - CVE-2020-12004, CVE-2020-14479 * Inadequate validation of serialized data deserializes untrusted data provided by a remote third party and executes arbitrary code with system privileges - CVE-2020-10644, CVE-2020-12000. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of project diffs. An attacker can leverage this to execute code in the context of SYSTEM. The platform supports SCADA (Data Acquisition and Monitoring System), HMI (Human Machine Interface), etc. Attackers can use this vulnerability to obtain sensitive information
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ignition gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "7.9.14"
},
{
"_id": null,
"model": "ignition gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "7.2.4.48"
},
{
"_id": null,
"model": "ignition gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "8.0.10"
},
{
"_id": null,
"model": "ignition gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "8.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "ignition gateway",
"version": "*"
},
{
"_id": null,
"model": "ignition",
"scope": "eq",
"trust": 0.8,
"vendor": "inductive automation",
"version": "8.0.10"
},
{
"_id": null,
"model": "ignition",
"scope": null,
"trust": 0.7,
"vendor": "inductive automation",
"version": null
},
{
"_id": null,
"model": "automation ignition",
"scope": "lt",
"trust": 0.6,
"vendor": "inductive",
"version": "8.0.10"
},
{
"_id": null,
"model": "automation ignition",
"scope": "lt",
"trust": 0.6,
"vendor": "inductive",
"version": "7.9.14"
}
],
"sources": [
{
"db": "IVD",
"id": "0243acd1-a6e8-498a-bb1d-677fa500ffe3"
},
{
"db": "IVD",
"id": "0df72e19-8991-452b-aa9e-dfb4039451cc"
},
{
"db": "ZDI",
"id": "ZDI-20-686"
},
{
"db": "CNVD",
"id": "CNVD-2020-34643"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "NVD",
"id": "CVE-2020-10644"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:inductiveautomation:ignition",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
}
]
},
"credits": {
"_id": null,
"data": "Team FLASHBACK: Pedro Ribeiro (pedrib@gmail.com|@pedrib1337) and Radek Domanski (@RabbitPro)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-686"
}
],
"trust": 0.7
},
"cve": "CVE-2020-10644",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10644",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34643",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "0243acd1-a6e8-498a-bb1d-677fa500ffe3",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "0df72e19-8991-452b-aa9e-dfb4039451cc",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-163143",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004797",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10644",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-004797",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-004797",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10644",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-004797",
"trust": 1.6,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2020-004797",
"trust": 1.6,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10644",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2020-10644",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-34643",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1323",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0243acd1-a6e8-498a-bb1d-677fa500ffe3",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0df72e19-8991-452b-aa9e-dfb4039451cc",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-163143",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0243acd1-a6e8-498a-bb1d-677fa500ffe3"
},
{
"db": "IVD",
"id": "0df72e19-8991-452b-aa9e-dfb4039451cc"
},
{
"db": "ZDI",
"id": "ZDI-20-686"
},
{
"db": "CNVD",
"id": "CNVD-2020-34643"
},
{
"db": "VULHUB",
"id": "VHN-163143"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1323"
},
{
"db": "NVD",
"id": "CVE-2020-10644"
}
]
},
"description": {
"_id": null,
"data": "The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. Ignition Is Inductive Automation Industrial software provided by. Ignition Is vulnerable to several vulnerabilities: * Lack of authentication for important features (CWE-306) - CVE-2020-12004, CVE-2020-14479 * Deserialize untrusted data (CWE-502) - CVE-2020-10644, CVE-2020-12000The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information is stolen by a remote third party because authentication is not performed when requesting a query to the server - CVE-2020-12004, CVE-2020-14479 * Inadequate validation of serialized data deserializes untrusted data provided by a remote third party and executes arbitrary code with system privileges - CVE-2020-10644, CVE-2020-12000. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of project diffs. An attacker can leverage this to execute code in the context of SYSTEM. The platform supports SCADA (Data Acquisition and Monitoring System), HMI (Human Machine Interface), etc. Attackers can use this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10644"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "ZDI",
"id": "ZDI-20-686"
},
{
"db": "CNVD",
"id": "CNVD-2020-34643"
},
{
"db": "IVD",
"id": "0243acd1-a6e8-498a-bb1d-677fa500ffe3"
},
{
"db": "IVD",
"id": "0df72e19-8991-452b-aa9e-dfb4039451cc"
},
{
"db": "VULHUB",
"id": "VHN-163143"
}
],
"trust": 3.24
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-163143",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163143"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-10644",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-147-01",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "158226",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-686",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2020-34643",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1323",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU91608150",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10276",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "46771",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1872",
"trust": 0.6
},
{
"db": "IVD",
"id": "0243ACD1-A6E8-498A-BB1D-677FA500FFE3",
"trust": 0.2
},
{
"db": "IVD",
"id": "0DF72E19-8991-452B-AA9E-DFB4039451CC",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-163143",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0243acd1-a6e8-498a-bb1d-677fa500ffe3"
},
{
"db": "IVD",
"id": "0df72e19-8991-452b-aa9e-dfb4039451cc"
},
{
"db": "ZDI",
"id": "ZDI-20-686"
},
{
"db": "CNVD",
"id": "CNVD-2020-34643"
},
{
"db": "VULHUB",
"id": "VHN-163143"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1323"
},
{
"db": "NVD",
"id": "CVE-2020-10644"
}
]
},
"id": "VAR-202006-0006",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "0243acd1-a6e8-498a-bb1d-677fa500ffe3"
},
{
"db": "IVD",
"id": "0df72e19-8991-452b-aa9e-dfb4039451cc"
},
{
"db": "CNVD",
"id": "CNVD-2020-34643"
},
{
"db": "VULHUB",
"id": "VHN-163143"
}
],
"trust": 1.83125
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "0243acd1-a6e8-498a-bb1d-677fa500ffe3"
},
{
"db": "IVD",
"id": "0df72e19-8991-452b-aa9e-dfb4039451cc"
},
{
"db": "CNVD",
"id": "CNVD-2020-34643"
}
]
},
"last_update_date": "2024-11-23T21:59:12.805000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Ignition Release Notes",
"trust": 0.8,
"url": "https://inductiveautomation.com/downloads/releasenotes/8.0.10"
},
{
"title": "Inductive Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"title": "Patch for Inductive Automation Ignition code issue vulnerability (CNVD-2020-34643)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/223069"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-686"
},
{
"db": "CNVD",
"id": "CNVD-2020-34643"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.9
},
{
"problemtype": "CWE-306",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163143"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "NVD",
"id": "CVE-2020-10644"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/158226/inductive-automation-ignition-remote-code-execution.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14479"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12004"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10644"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12000"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91608150/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1872/"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-686/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10644"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46771"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-686"
},
{
"db": "CNVD",
"id": "CNVD-2020-34643"
},
{
"db": "VULHUB",
"id": "VHN-163143"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1323"
},
{
"db": "NVD",
"id": "CVE-2020-10644"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "0243acd1-a6e8-498a-bb1d-677fa500ffe3",
"ident": null
},
{
"db": "IVD",
"id": "0df72e19-8991-452b-aa9e-dfb4039451cc",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-686",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-34643",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-163143",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1323",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-10644",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-05-26T00:00:00",
"db": "IVD",
"id": "0243acd1-a6e8-498a-bb1d-677fa500ffe3",
"ident": null
},
{
"date": "2020-05-26T00:00:00",
"db": "IVD",
"id": "0df72e19-8991-452b-aa9e-dfb4039451cc",
"ident": null
},
{
"date": "2020-06-01T00:00:00",
"db": "ZDI",
"id": "ZDI-20-686",
"ident": null
},
{
"date": "2020-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34643",
"ident": null
},
{
"date": "2020-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-163143",
"ident": null
},
{
"date": "2020-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004797",
"ident": null
},
{
"date": "2020-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1323",
"ident": null
},
{
"date": "2020-06-09T18:15:10.590000",
"db": "NVD",
"id": "CVE-2020-10644",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-06-29T00:00:00",
"db": "ZDI",
"id": "ZDI-20-686",
"ident": null
},
{
"date": "2020-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34643",
"ident": null
},
{
"date": "2020-06-25T00:00:00",
"db": "VULHUB",
"id": "VHN-163143",
"ident": null
},
{
"date": "2020-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004797",
"ident": null
},
{
"date": "2020-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1323",
"ident": null
},
{
"date": "2024-11-21T04:55:45.780000",
"db": "NVD",
"id": "CVE-2020-10644",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1323"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Inductive Automation Made Ignition Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "0243acd1-a6e8-498a-bb1d-677fa500ffe3"
},
{
"db": "IVD",
"id": "0df72e19-8991-452b-aa9e-dfb4039451cc"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1323"
}
],
"trust": 1.0
}
}
var-201504-0077
Vulnerability from variot
Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0077",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ignition",
"scope": "eq",
"trust": 1.6,
"vendor": "inductiveautomation",
"version": "7.7.2"
},
{
"model": "automation ignition",
"scope": "eq",
"trust": 0.9,
"vendor": "inductive",
"version": "7.7.2"
},
{
"model": "ignition",
"scope": "eq",
"trust": 0.8,
"vendor": "inductive automation",
"version": "7.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ignition",
"version": "7.7.2"
}
],
"sources": [
{
"db": "IVD",
"id": "98e009a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02154"
},
{
"db": "BID",
"id": "73471"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002070"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-052"
},
{
"db": "NVD",
"id": "CVE-2015-0991"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:inductiveautomation:ignition",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002070"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai.",
"sources": [
{
"db": "BID",
"id": "73471"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0991",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-0991",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-02154",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "98e009a8-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0991",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-0991",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-02154",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-052",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "98e009a8-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0991",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "98e009a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02154"
},
{
"db": "VULMON",
"id": "CVE-2015-0991"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002070"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-052"
},
{
"db": "NVD",
"id": "CVE-2015-0991"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0991"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002070"
},
{
"db": "CNVD",
"id": "CNVD-2015-02154"
},
{
"db": "BID",
"id": "73471"
},
{
"db": "IVD",
"id": "98e009a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2015-0991"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0991",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-090-01",
"trust": 3.4
},
{
"db": "CNVD",
"id": "CNVD-2015-02154",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-052",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002070",
"trust": 0.8
},
{
"db": "BID",
"id": "73471",
"trust": 0.4
},
{
"db": "IVD",
"id": "98E009A8-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2015-0991",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "98e009a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02154"
},
{
"db": "VULMON",
"id": "CVE-2015-0991"
},
{
"db": "BID",
"id": "73471"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002070"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-052"
},
{
"db": "NVD",
"id": "CVE-2015-0991"
}
]
},
"id": "VAR-201504-0077",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "98e009a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02154"
}
],
"trust": 1.53125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "98e009a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02154"
}
]
},
"last_update_date": "2024-11-23T21:44:19.892000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Downloads",
"trust": 0.8,
"url": "https://www.inductiveautomation.com/downloads/ignition"
},
{
"title": "Patch for Inductive Automation Ignition Information Disclosure Vulnerability (CNVD-2015-02154)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/56899"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02154"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002070"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002070"
},
{
"db": "NVD",
"id": "CVE-2015-0991"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-090-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0991"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0991"
},
{
"trust": 0.3,
"url": "http://www.inductiveautomation.com/scada-software"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/73471"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02154"
},
{
"db": "VULMON",
"id": "CVE-2015-0991"
},
{
"db": "BID",
"id": "73471"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002070"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-052"
},
{
"db": "NVD",
"id": "CVE-2015-0991"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "98e009a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02154"
},
{
"db": "VULMON",
"id": "CVE-2015-0991"
},
{
"db": "BID",
"id": "73471"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002070"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-052"
},
{
"db": "NVD",
"id": "CVE-2015-0991"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "IVD",
"id": "98e009a8-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02154"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0991"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73471"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002070"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-052"
},
{
"date": "2015-04-03T10:59:13.317000",
"db": "NVD",
"id": "CVE-2015-0991"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02154"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0991"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73471"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002070"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-052"
},
{
"date": "2024-11-21T02:24:05.757000",
"db": "NVD",
"id": "CVE-2015-0991"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-052"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inductive Automation Ignition Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002070"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-052"
}
],
"trust": 0.6
}
}
var-201504-0075
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. Ignition has a security vulnerability that could allow an attacker to execute malicious content in a vulnerable web application. The server reads the data directly from the HTTP request and then returns it in the HTTP response. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ignition",
"scope": "eq",
"trust": 1.6,
"vendor": "inductiveautomation",
"version": "7.7.2"
},
{
"model": "automation ignition",
"scope": "eq",
"trust": 0.9,
"vendor": "inductive",
"version": "7.7.2"
},
{
"model": "ignition",
"scope": "eq",
"trust": 0.8,
"vendor": "inductive automation",
"version": "7.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ignition",
"version": "7.7.2"
}
],
"sources": [
{
"db": "IVD",
"id": "98f60eec-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02153"
},
{
"db": "BID",
"id": "73468"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002069"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-050"
},
{
"db": "NVD",
"id": "CVE-2015-0976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:inductiveautomation:ignition",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002069"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai.",
"sources": [
{
"db": "BID",
"id": "73468"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-0976",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2015-02153",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "98f60eec-2351-11e6-abef-000c29c66e3d",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0976",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-0976",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-02153",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-050",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "98f60eec-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0976",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "98f60eec-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02153"
},
{
"db": "VULMON",
"id": "CVE-2015-0976"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002069"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-050"
},
{
"db": "NVD",
"id": "CVE-2015-0976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. Ignition has a security vulnerability that could allow an attacker to execute malicious content in a vulnerable web application. The server reads the data directly from the HTTP request and then returns it in the HTTP response. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0976"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002069"
},
{
"db": "CNVD",
"id": "CNVD-2015-02153"
},
{
"db": "BID",
"id": "73468"
},
{
"db": "IVD",
"id": "98f60eec-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2015-0976"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0976",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-090-01",
"trust": 3.4
},
{
"db": "CNVD",
"id": "CNVD-2015-02153",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-050",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002069",
"trust": 0.8
},
{
"db": "BID",
"id": "73468",
"trust": 0.3
},
{
"db": "IVD",
"id": "98F60EEC-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2015-0976",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "98f60eec-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02153"
},
{
"db": "VULMON",
"id": "CVE-2015-0976"
},
{
"db": "BID",
"id": "73468"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002069"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-050"
},
{
"db": "NVD",
"id": "CVE-2015-0976"
}
]
},
"id": "VAR-201504-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "98f60eec-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02153"
}
],
"trust": 1.53125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "98f60eec-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02153"
}
]
},
"last_update_date": "2024-11-23T21:44:19.741000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Downloads",
"trust": 0.8,
"url": "https://www.inductiveautomation.com/downloads/ignition"
},
{
"title": "Patch for Inductive Automation Ignition Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/56900"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02153"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002069"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002069"
},
{
"db": "NVD",
"id": "CVE-2015-0976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-090-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0976"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0976"
},
{
"trust": 0.3,
"url": "http://www.inductiveautomation.com/scada-software"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02153"
},
{
"db": "VULMON",
"id": "CVE-2015-0976"
},
{
"db": "BID",
"id": "73468"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002069"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-050"
},
{
"db": "NVD",
"id": "CVE-2015-0976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "98f60eec-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02153"
},
{
"db": "VULMON",
"id": "CVE-2015-0976"
},
{
"db": "BID",
"id": "73468"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002069"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-050"
},
{
"db": "NVD",
"id": "CVE-2015-0976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "IVD",
"id": "98f60eec-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02153"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0976"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73468"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002069"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-050"
},
{
"date": "2015-04-03T10:59:11.333000",
"db": "NVD",
"id": "CVE-2015-0976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02153"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0976"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73468"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002069"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-050"
},
{
"date": "2024-11-21T02:24:04.063000",
"db": "NVD",
"id": "CVE-2015-0976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-050"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inductive Automation Ignition Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "98f60eec-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02153"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-050"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-050"
}
],
"trust": 0.6
}
}
var-201504-0079
Vulnerability from variot
Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlAccess restrictions may be avoided by using an unattended workstation by a third party. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. Ignition does not delete the session after the user quits, which allows the attacker to reuse the current session. Successful exploits may allow an attacker to gain unauthorized access to the affected application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ignition",
"scope": "eq",
"trust": 1.6,
"vendor": "inductiveautomation",
"version": "7.7.2"
},
{
"model": "automation ignition",
"scope": "eq",
"trust": 0.9,
"vendor": "inductive",
"version": "7.7.2"
},
{
"model": "ignition",
"scope": "eq",
"trust": 0.8,
"vendor": "inductive automation",
"version": "7.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ignition",
"version": "7.7.2"
}
],
"sources": [
{
"db": "IVD",
"id": "98e5f1ba-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02156"
},
{
"db": "BID",
"id": "73474"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002072"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-054"
},
{
"db": "NVD",
"id": "CVE-2015-0993"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:inductiveautomation:ignition",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002072"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai of Positive Technologies",
"sources": [
{
"db": "BID",
"id": "73474"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0993",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-0993",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 2.5,
"id": "CNVD-2015-02156",
"impactScore": 7.8,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:S/C:P/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 2.5,
"id": "98e5f1ba-2351-11e6-abef-000c29c66e3d",
"impactScore": 7.8,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:S/C:P/I:C/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0993",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-0993",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-02156",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-054",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "98e5f1ba-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0993",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "98e5f1ba-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02156"
},
{
"db": "VULMON",
"id": "CVE-2015-0993"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002072"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-054"
},
{
"db": "NVD",
"id": "CVE-2015-0993"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlAccess restrictions may be avoided by using an unattended workstation by a third party. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. Ignition does not delete the session after the user quits, which allows the attacker to reuse the current session. \nSuccessful exploits may allow an attacker to gain unauthorized access to the affected application",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0993"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002072"
},
{
"db": "CNVD",
"id": "CNVD-2015-02156"
},
{
"db": "BID",
"id": "73474"
},
{
"db": "IVD",
"id": "98e5f1ba-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2015-0993"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0993",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-090-01",
"trust": 3.4
},
{
"db": "CNVD",
"id": "CNVD-2015-02156",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-054",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002072",
"trust": 0.8
},
{
"db": "BID",
"id": "73474",
"trust": 0.4
},
{
"db": "IVD",
"id": "98E5F1BA-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2015-0993",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "98e5f1ba-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02156"
},
{
"db": "VULMON",
"id": "CVE-2015-0993"
},
{
"db": "BID",
"id": "73474"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002072"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-054"
},
{
"db": "NVD",
"id": "CVE-2015-0993"
}
]
},
"id": "VAR-201504-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "98e5f1ba-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02156"
}
],
"trust": 1.53125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "98e5f1ba-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02156"
}
]
},
"last_update_date": "2024-11-23T21:44:19.781000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Downloads",
"trust": 0.8,
"url": "https://www.inductiveautomation.com/downloads/ignition"
},
{
"title": "Inductive Automation Ignition invalid session expiration vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/56895"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02156"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002072"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002072"
},
{
"db": "NVD",
"id": "CVE-2015-0993"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-090-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0993"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0993"
},
{
"trust": 0.3,
"url": "https://www.inductiveautomation.com/downloads/ignition"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/254.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/73474"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/windows-hotfix-ms16-036"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02156"
},
{
"db": "VULMON",
"id": "CVE-2015-0993"
},
{
"db": "BID",
"id": "73474"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002072"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-054"
},
{
"db": "NVD",
"id": "CVE-2015-0993"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "98e5f1ba-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02156"
},
{
"db": "VULMON",
"id": "CVE-2015-0993"
},
{
"db": "BID",
"id": "73474"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002072"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-054"
},
{
"db": "NVD",
"id": "CVE-2015-0993"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "IVD",
"id": "98e5f1ba-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02156"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0993"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73474"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002072"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-054"
},
{
"date": "2015-04-03T10:59:15.427000",
"db": "NVD",
"id": "CVE-2015-0993"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02156"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0993"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73474"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002072"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-054"
},
{
"date": "2024-11-21T02:24:05.983000",
"db": "NVD",
"id": "CVE-2015-0993"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-054"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inductive Automation Ignition Invalid Session Expiration Vulnerability",
"sources": [
{
"db": "IVD",
"id": "98e5f1ba-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02156"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "73474"
}
],
"trust": 0.3
}
}
var-202006-0363
Vulnerability from variot
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. Ignition Is Inductive Automation Industrial software provided by. Ignition Is vulnerable to several vulnerabilities: * Lack of authentication for important features (CWE-306) - CVE-2020-12004, CVE-2020-14479 * Deserialize untrusted data (CWE-502) - CVE-2020-10644, CVE-2020-12000The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information is stolen by a remote third party because authentication is not performed when requesting a query to the server - CVE-2020-12004, CVE-2020-14479 * Inadequate validation of serialized data deserializes untrusted data provided by a remote third party and executes arbitrary code with system privileges - CVE-2020-10644, CVE-2020-12000. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the getDiffs method of the com.inductiveautomation.ignition.gateway.servlets.gateway.functions.ProjectDownload class. The issue results from the lack of proper authentication required to query to server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. The platform supports SCADA (Data Acquisition and Monitoring System), HMI (Human Machine Interface), etc. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles. There is currently no detailed vulnerability details provided
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ignition gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "7.9.14"
},
{
"_id": null,
"model": "ignition gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "7.2.4.48"
},
{
"_id": null,
"model": "ignition gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "8.0.10"
},
{
"_id": null,
"model": "ignition gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "8.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "ignition gateway",
"version": "*"
},
{
"_id": null,
"model": "ignition",
"scope": "eq",
"trust": 0.8,
"vendor": "inductive automation",
"version": "8.0.10"
},
{
"_id": null,
"model": "ignition",
"scope": null,
"trust": 0.7,
"vendor": "inductive automation",
"version": null
},
{
"_id": null,
"model": "automation ignition",
"scope": "lt",
"trust": 0.6,
"vendor": "inductive",
"version": "8.0.10"
},
{
"_id": null,
"model": "automation ignition",
"scope": "lt",
"trust": 0.6,
"vendor": "inductive",
"version": "7.9.14"
}
],
"sources": [
{
"db": "IVD",
"id": "447276e4-5310-4e5f-96a1-291bd3cf70e5"
},
{
"db": "IVD",
"id": "a5e4d27c-8864-460d-8404-d643188155eb"
},
{
"db": "ZDI",
"id": "ZDI-20-685"
},
{
"db": "CNVD",
"id": "CNVD-2020-34645"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "NVD",
"id": "CVE-2020-12004"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:inductiveautomation:ignition",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
}
]
},
"credits": {
"_id": null,
"data": "Pedro Ribeiro (pedrib@gmail.com) and Radek Domanski (radek.domanski@gmail.com)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-685"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12004",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-12004",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34645",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "447276e4-5310-4e5f-96a1-291bd3cf70e5",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a5e4d27c-8864-460d-8404-d643188155eb",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-164639",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004797",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12004",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-004797",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-004797",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12004",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-004797",
"trust": 1.6,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2020-004797",
"trust": 1.6,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12004",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2020-12004",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-34645",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1328",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "447276e4-5310-4e5f-96a1-291bd3cf70e5",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a5e4d27c-8864-460d-8404-d643188155eb",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-164639",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "447276e4-5310-4e5f-96a1-291bd3cf70e5"
},
{
"db": "IVD",
"id": "a5e4d27c-8864-460d-8404-d643188155eb"
},
{
"db": "ZDI",
"id": "ZDI-20-685"
},
{
"db": "CNVD",
"id": "CNVD-2020-34645"
},
{
"db": "VULHUB",
"id": "VHN-164639"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1328"
},
{
"db": "NVD",
"id": "CVE-2020-12004"
}
]
},
"description": {
"_id": null,
"data": "The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. Ignition Is Inductive Automation Industrial software provided by. Ignition Is vulnerable to several vulnerabilities: * Lack of authentication for important features (CWE-306) - CVE-2020-12004, CVE-2020-14479 * Deserialize untrusted data (CWE-502) - CVE-2020-10644, CVE-2020-12000The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information is stolen by a remote third party because authentication is not performed when requesting a query to the server - CVE-2020-12004, CVE-2020-14479 * Inadequate validation of serialized data deserializes untrusted data provided by a remote third party and executes arbitrary code with system privileges - CVE-2020-10644, CVE-2020-12000. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the getDiffs method of the com.inductiveautomation.ignition.gateway.servlets.gateway.functions.ProjectDownload class. The issue results from the lack of proper authentication required to query to server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. The platform supports SCADA (Data Acquisition and Monitoring System), HMI (Human Machine Interface), etc. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles. There is currently no detailed vulnerability details provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12004"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "ZDI",
"id": "ZDI-20-685"
},
{
"db": "CNVD",
"id": "CNVD-2020-34645"
},
{
"db": "IVD",
"id": "447276e4-5310-4e5f-96a1-291bd3cf70e5"
},
{
"db": "IVD",
"id": "a5e4d27c-8864-460d-8404-d643188155eb"
},
{
"db": "VULHUB",
"id": "VHN-164639"
}
],
"trust": 3.24
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-12004",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-147-01",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "158226",
"trust": 1.7
},
{
"db": "ZDI",
"id": "ZDI-20-685",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2020-34645",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1328",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU91608150",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10275",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "46770",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1872",
"trust": 0.6
},
{
"db": "IVD",
"id": "447276E4-5310-4E5F-96A1-291BD3CF70E5",
"trust": 0.2
},
{
"db": "IVD",
"id": "A5E4D27C-8864-460D-8404-D643188155EB",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-164639",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "447276e4-5310-4e5f-96a1-291bd3cf70e5"
},
{
"db": "IVD",
"id": "a5e4d27c-8864-460d-8404-d643188155eb"
},
{
"db": "ZDI",
"id": "ZDI-20-685"
},
{
"db": "CNVD",
"id": "CNVD-2020-34645"
},
{
"db": "VULHUB",
"id": "VHN-164639"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1328"
},
{
"db": "NVD",
"id": "CVE-2020-12004"
}
]
},
"id": "VAR-202006-0363",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "447276e4-5310-4e5f-96a1-291bd3cf70e5"
},
{
"db": "IVD",
"id": "a5e4d27c-8864-460d-8404-d643188155eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-34645"
},
{
"db": "VULHUB",
"id": "VHN-164639"
}
],
"trust": 1.83125
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "447276e4-5310-4e5f-96a1-291bd3cf70e5"
},
{
"db": "IVD",
"id": "a5e4d27c-8864-460d-8404-d643188155eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-34645"
}
]
},
"last_update_date": "2024-11-23T21:59:12.857000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Ignition Release Notes",
"trust": 0.8,
"url": "https://inductiveautomation.com/downloads/releasenotes/8.0.10"
},
{
"title": "Inductive Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"title": "Patch for Inductive Automation Ignition access control error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/223073"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-685"
},
{
"db": "CNVD",
"id": "CNVD-2020-34645"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
},
{
"problemtype": "CWE-502",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164639"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "NVD",
"id": "CVE-2020-12004"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 4.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/158226/inductive-automation-ignition-remote-code-execution.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14479"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12004"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10644"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12000"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91608150/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1872/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12004"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-685/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46770"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-685"
},
{
"db": "CNVD",
"id": "CNVD-2020-34645"
},
{
"db": "VULHUB",
"id": "VHN-164639"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1328"
},
{
"db": "NVD",
"id": "CVE-2020-12004"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "447276e4-5310-4e5f-96a1-291bd3cf70e5",
"ident": null
},
{
"db": "IVD",
"id": "a5e4d27c-8864-460d-8404-d643188155eb",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-685",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-34645",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-164639",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1328",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-12004",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-05-26T00:00:00",
"db": "IVD",
"id": "447276e4-5310-4e5f-96a1-291bd3cf70e5",
"ident": null
},
{
"date": "2020-05-26T00:00:00",
"db": "IVD",
"id": "a5e4d27c-8864-460d-8404-d643188155eb",
"ident": null
},
{
"date": "2020-06-01T00:00:00",
"db": "ZDI",
"id": "ZDI-20-685",
"ident": null
},
{
"date": "2020-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34645",
"ident": null
},
{
"date": "2020-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-164639",
"ident": null
},
{
"date": "2020-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004797",
"ident": null
},
{
"date": "2020-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1328",
"ident": null
},
{
"date": "2020-06-09T18:15:11.137000",
"db": "NVD",
"id": "CVE-2020-12004",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-06-29T00:00:00",
"db": "ZDI",
"id": "ZDI-20-685",
"ident": null
},
{
"date": "2020-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34645",
"ident": null
},
{
"date": "2020-06-25T00:00:00",
"db": "VULHUB",
"id": "VHN-164639",
"ident": null
},
{
"date": "2020-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004797",
"ident": null
},
{
"date": "2020-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1328",
"ident": null
},
{
"date": "2024-11-21T04:59:05.850000",
"db": "NVD",
"id": "CVE-2020-12004",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1328"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Inductive Automation Ignition Access Control Error Vulnerability",
"sources": [
{
"db": "IVD",
"id": "447276e4-5310-4e5f-96a1-291bd3cf70e5"
},
{
"db": "IVD",
"id": "a5e4d27c-8864-460d-8404-d643188155eb"
},
{
"db": "CNVD",
"id": "CNVD-2020-34645"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1328"
}
],
"trust": 1.6
},
"type": {
"_id": null,
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "447276e4-5310-4e5f-96a1-291bd3cf70e5"
},
{
"db": "IVD",
"id": "a5e4d27c-8864-460d-8404-d643188155eb"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1328"
}
],
"trust": 1.0
}
}
var-202006-0318
Vulnerability from variot
The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. Ignition Is Inductive Automation Industrial software provided by. Ignition Is vulnerable to several vulnerabilities: * Lack of authentication for important features (CWE-306) - CVE-2020-12004, CVE-2020-14479 * Deserialize untrusted data (CWE-502) - CVE-2020-10644, CVE-2020-12000The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information is stolen by a remote third party because authentication is not performed when requesting a query to the server - CVE-2020-12004, CVE-2020-14479 * Inadequate validation of serialized data deserializes untrusted data provided by a remote third party and executes arbitrary code with system privileges - CVE-2020-10644, CVE-2020-12000. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The platform supports SCADA (Data Acquisition and Monitoring System), HMI (Human Machine Interface), etc. Attackers can use this vulnerability to obtain sensitive information
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ignition gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "7.9.14"
},
{
"_id": null,
"model": "ignition gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "7.2.4.48"
},
{
"_id": null,
"model": "ignition gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "8.0.10"
},
{
"_id": null,
"model": "ignition gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "8.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "ignition gateway",
"version": "*"
},
{
"_id": null,
"model": "ignition",
"scope": "eq",
"trust": 0.8,
"vendor": "inductive automation",
"version": "8.0.10"
},
{
"_id": null,
"model": "ignition",
"scope": null,
"trust": 0.7,
"vendor": "inductive automation",
"version": null
},
{
"_id": null,
"model": "automation ignition",
"scope": "lt",
"trust": 0.6,
"vendor": "inductive",
"version": "8.0.10"
},
{
"_id": null,
"model": "automation ignition",
"scope": "lt",
"trust": 0.6,
"vendor": "inductive",
"version": "7.9.14"
}
],
"sources": [
{
"db": "IVD",
"id": "7820dc4c-aa4b-42b9-ba9e-04ef2182b636"
},
{
"db": "IVD",
"id": "bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12"
},
{
"db": "ZDI",
"id": "ZDI-20-687"
},
{
"db": "CNVD",
"id": "CNVD-2020-34644"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "NVD",
"id": "CVE-2020-12000"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:inductiveautomation:ignition",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
}
]
},
"credits": {
"_id": null,
"data": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-687"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12000",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-12000",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-34644",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7820dc4c-aa4b-42b9-ba9e-04ef2182b636",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-164635",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004797",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12000",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-004797",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-004797",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12000",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-004797",
"trust": 1.6,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2020-004797",
"trust": 1.6,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12000",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2020-12000",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-34644",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1318",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7820dc4c-aa4b-42b9-ba9e-04ef2182b636",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-164635",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7820dc4c-aa4b-42b9-ba9e-04ef2182b636"
},
{
"db": "IVD",
"id": "bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12"
},
{
"db": "ZDI",
"id": "ZDI-20-687"
},
{
"db": "CNVD",
"id": "CNVD-2020-34644"
},
{
"db": "VULHUB",
"id": "VHN-164635"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1318"
},
{
"db": "NVD",
"id": "CVE-2020-12000"
}
]
},
"description": {
"_id": null,
"data": "The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. Ignition Is Inductive Automation Industrial software provided by. Ignition Is vulnerable to several vulnerabilities: * Lack of authentication for important features (CWE-306) - CVE-2020-12004, CVE-2020-14479 * Deserialize untrusted data (CWE-502) - CVE-2020-10644, CVE-2020-12000The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information is stolen by a remote third party because authentication is not performed when requesting a query to the server - CVE-2020-12004, CVE-2020-14479 * Inadequate validation of serialized data deserializes untrusted data provided by a remote third party and executes arbitrary code with system privileges - CVE-2020-10644, CVE-2020-12000. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The platform supports SCADA (Data Acquisition and Monitoring System), HMI (Human Machine Interface), etc. Attackers can use this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12000"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "ZDI",
"id": "ZDI-20-687"
},
{
"db": "CNVD",
"id": "CNVD-2020-34644"
},
{
"db": "IVD",
"id": "7820dc4c-aa4b-42b9-ba9e-04ef2182b636"
},
{
"db": "IVD",
"id": "bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12"
},
{
"db": "VULHUB",
"id": "VHN-164635"
}
],
"trust": 3.24
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-12000",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-147-01",
"trust": 3.1
},
{
"db": "ZDI",
"id": "ZDI-20-687",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2020-34644",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1318",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU91608150",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10278",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "46769",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1872",
"trust": 0.6
},
{
"db": "IVD",
"id": "7820DC4C-AA4B-42B9-BA9E-04EF2182B636",
"trust": 0.2
},
{
"db": "IVD",
"id": "BBE6D67A-E383-424D-9D9D-FCFBFCDD1D12",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-164635",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7820dc4c-aa4b-42b9-ba9e-04ef2182b636"
},
{
"db": "IVD",
"id": "bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12"
},
{
"db": "ZDI",
"id": "ZDI-20-687"
},
{
"db": "CNVD",
"id": "CNVD-2020-34644"
},
{
"db": "VULHUB",
"id": "VHN-164635"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1318"
},
{
"db": "NVD",
"id": "CVE-2020-12000"
}
]
},
"id": "VAR-202006-0318",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "7820dc4c-aa4b-42b9-ba9e-04ef2182b636"
},
{
"db": "IVD",
"id": "bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12"
},
{
"db": "CNVD",
"id": "CNVD-2020-34644"
},
{
"db": "VULHUB",
"id": "VHN-164635"
}
],
"trust": 1.83125
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7820dc4c-aa4b-42b9-ba9e-04ef2182b636"
},
{
"db": "IVD",
"id": "bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12"
},
{
"db": "CNVD",
"id": "CNVD-2020-34644"
}
]
},
"last_update_date": "2024-11-23T21:59:12.760000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Ignition Release Notes",
"trust": 0.8,
"url": "https://inductiveautomation.com/downloads/releasenotes/8.0.10"
},
{
"title": "",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"title": "Patch for Inductive Automation Ignition code issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/223071"
},
{
"title": "Inductive Automation Ignition Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121611"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-687"
},
{
"db": "CNVD",
"id": "CNVD-2020-34644"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1318"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.9
},
{
"problemtype": "CWE-306",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164635"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "NVD",
"id": "CVE-2020-12000"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14479"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12004"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10644"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12000"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91608150/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1872/"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-687/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46769"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12000"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-687"
},
{
"db": "CNVD",
"id": "CNVD-2020-34644"
},
{
"db": "VULHUB",
"id": "VHN-164635"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1318"
},
{
"db": "NVD",
"id": "CVE-2020-12000"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "7820dc4c-aa4b-42b9-ba9e-04ef2182b636",
"ident": null
},
{
"db": "IVD",
"id": "bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-687",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-34644",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-164635",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004797",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1318",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-12000",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-05-26T00:00:00",
"db": "IVD",
"id": "7820dc4c-aa4b-42b9-ba9e-04ef2182b636",
"ident": null
},
{
"date": "2020-05-26T00:00:00",
"db": "IVD",
"id": "bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12",
"ident": null
},
{
"date": "2020-06-01T00:00:00",
"db": "ZDI",
"id": "ZDI-20-687",
"ident": null
},
{
"date": "2020-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34644",
"ident": null
},
{
"date": "2020-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-164635",
"ident": null
},
{
"date": "2020-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004797",
"ident": null
},
{
"date": "2020-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1318",
"ident": null
},
{
"date": "2020-06-09T18:15:10.933000",
"db": "NVD",
"id": "CVE-2020-12000",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-06-01T00:00:00",
"db": "ZDI",
"id": "ZDI-20-687",
"ident": null
},
{
"date": "2020-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34644",
"ident": null
},
{
"date": "2023-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-164635",
"ident": null
},
{
"date": "2020-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004797",
"ident": null
},
{
"date": "2020-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1318",
"ident": null
},
{
"date": "2024-11-21T04:59:05.347000",
"db": "NVD",
"id": "CVE-2020-12000",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1318"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Inductive Automation Ignition Code Issue Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7820dc4c-aa4b-42b9-ba9e-04ef2182b636"
},
{
"db": "IVD",
"id": "bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12"
},
{
"db": "CNVD",
"id": "CNVD-2020-34644"
}
],
"trust": 1.0
},
"type": {
"_id": null,
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "7820dc4c-aa4b-42b9-ba9e-04ef2182b636"
},
{
"db": "IVD",
"id": "bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1318"
}
],
"trust": 1.0
}
}
var-202007-0328
Vulnerability from variot
The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13). Ignition 8 Is Inductive Automation Industrial software provided by. Ignition 8 Is vulnerable to lack of authorization processing (CWE-862) Exists.Not protected by a remote third party API To HTTP A request may be sent and any file may be accessed
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ignition gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "8.0"
},
{
"model": "ignition gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "8.0.13"
},
{
"model": "ignition",
"scope": "eq",
"trust": 0.8,
"vendor": "inductive automation",
"version": "8 v8.0.13 \u306e\u3059\u3079\u3066"
},
{
"model": "automation inductive automation ignition",
"scope": "lt",
"trust": 0.6,
"vendor": "inductive",
"version": "8.0.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49320"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007130"
},
{
"db": "NVD",
"id": "CVE-2020-14520"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:inductiveautomation:ignition",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007130"
}
]
},
"cve": "CVE-2020-14520",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-14520",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-49320",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-167407",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-14520",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-007130",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14520",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-007130",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-49320",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-1785",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-167407",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-14520",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49320"
},
{
"db": "VULHUB",
"id": "VHN-167407"
},
{
"db": "VULMON",
"id": "CVE-2020-14520"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007130"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1785"
},
{
"db": "NVD",
"id": "CVE-2020-14520"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13). Ignition 8 Is Inductive Automation Industrial software provided by. Ignition 8 Is vulnerable to lack of authorization processing (CWE-862) Exists.Not protected by a remote third party API To HTTP A request may be sent and any file may be accessed",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14520"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007130"
},
{
"db": "CNVD",
"id": "CNVD-2020-49320"
},
{
"db": "VULHUB",
"id": "VHN-167407"
},
{
"db": "VULMON",
"id": "CVE-2020-14520"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14520",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-212-01",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU97481128",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007130",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-49320",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1785",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "47831",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2621",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-167407",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-14520",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49320"
},
{
"db": "VULHUB",
"id": "VHN-167407"
},
{
"db": "VULMON",
"id": "CVE-2020-14520"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007130"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1785"
},
{
"db": "NVD",
"id": "CVE-2020-14520"
}
]
},
"id": "VAR-202007-0328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49320"
},
{
"db": "VULHUB",
"id": "VHN-167407"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49320"
}
]
},
"last_update_date": "2024-11-23T23:11:23.785000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ignition Release Notes",
"trust": 0.8,
"url": "https://inductiveautomation.com/downloads/releasenotes/8.0.13"
},
{
"title": "Patch for Inductive Automation Ignition authorization issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/232261"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49320"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007130"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167407"
},
{
"db": "NVD",
"id": "CVE-2020-14520"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14520"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu97481128"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2621/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47831"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14520"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/862.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186191"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49320"
},
{
"db": "VULHUB",
"id": "VHN-167407"
},
{
"db": "VULMON",
"id": "CVE-2020-14520"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007130"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1785"
},
{
"db": "NVD",
"id": "CVE-2020-14520"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-49320"
},
{
"db": "VULHUB",
"id": "VHN-167407"
},
{
"db": "VULMON",
"id": "CVE-2020-14520"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007130"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1785"
},
{
"db": "NVD",
"id": "CVE-2020-14520"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-49320"
},
{
"date": "2020-07-31T00:00:00",
"db": "VULHUB",
"id": "VHN-167407"
},
{
"date": "2020-07-31T00:00:00",
"db": "VULMON",
"id": "CVE-2020-14520"
},
{
"date": "2020-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007130"
},
{
"date": "2020-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1785"
},
{
"date": "2020-07-31T13:15:12.617000",
"db": "NVD",
"id": "CVE-2020-14520"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-49320"
},
{
"date": "2020-08-11T00:00:00",
"db": "VULHUB",
"id": "VHN-167407"
},
{
"date": "2020-08-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-14520"
},
{
"date": "2020-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007130"
},
{
"date": "2020-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1785"
},
{
"date": "2024-11-21T05:03:26.827000",
"db": "NVD",
"id": "CVE-2020-14520"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1785"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inductive Automation Made Ignition 8 Vulnerability regarding lack of authorization process",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007130"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1785"
}
],
"trust": 0.6
}
}
var-202004-0525
Vulnerability from variot
Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log. Nanometrics Centaur and TitanSMA Is vulnerable to a lack of resource release after a valid lifetime.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Nanometrics Centaur and Nanometrics TitanSMA are both data loggers from Nanometrics, Canada.
There are security vulnerabilities in Nanometrics Centaur 4.3.23 and earlier versions and TitanSMA 4.2.20 and earlier versions. No detailed vulnerability details are currently provided. The Centaur digital recorder is a portable geophysical sensing acquisition system that consists of a high-resolution 24-bit ADC, a precision GNSS-based clock, and removable storage capabilities. Its ease of use simplifies high performance geophysical sensing deployments in both remote and networked environments. Optimized for seismicity monitoring, the Centaur is also well-suited for infrasound and similar geophysical sensor recording applications requiring sample rates up to 5000 sps.
The TitanSMA is a strong motion accelerograph designed for high precision observational and structural engineering applications, where scientists and engineers require exceptional dynamic range over a wide frequency band.An information disclosure vulnerability exists when Centaur and TitanSMA fail to properly protectcritical system logs such as 'syslog'. Additionally, the implemented Jetty version (9.4.z-SNAPSHOT)suffers from a memory leak of shared buffers that was (supposedly) patched in Jetty version 9.2.9.v20150224.As seen in the aforementioned products, the 'patched' version is still vulnerable to the buffer leakage.Chaining these vulnerabilities allows an unauthenticated adversary to remotely send malicious HTTPpackets, and cause the shared buffer to 'bleed' contents of shared memory and store these in systemlogs. Accessing these unprotected logfiles reveal parts of the leaked buffer (up to 17 bytes per sentpacket) which can be combined to leak sensitive data which can be used to perform session hijackingand authentication bypass scenarios.Tested on: Jetty 9.4.z-SNAPSHOT. Ignition is a powerful industrial application platform withfully integrated development tools for building SCADA, MES, and IIoTsolutions.Remote unauthenticated atackers are able to read arbitrary datafrom other HTTP sessions because Ignition uses a vulnerable Jetty server.When the Jetty web server receives a HTTP request, the below code is usedto parse through the HTTP headers and their associated values. The serverbegins by looping through each character for a given header value and checksthe following:
- On Line 1164, the server checks if the character is printable ASCII ornot a valid ASCII character.
- On Line 1172, the server checks if the character is a space or tab.
- On Line 1175, the server checks if the character is a line feed.
- If the character is non-printable ASCII (or less than 0x20), then allof the checks above are skipped over and the code throws an 'IllegalCharacter'exception on line 1186, passing in the illegal character and a shared buffer.
--------------------------------------------------------------------------------File: jetty-http\src\main\java\org\eclipse\jetty\http\HttpParser.java
---------------------------------------------------------------------------
920: protected boolean parseHeaders(ByteBuffer buffer)
921: {
[..snip..]
1163: case HEADER_VALUE:
1164: if (ch>HttpTokens.SPACE || ch<0)
1165: {
1166: _string.append((char)(0xff&ch));
1167: _length=_string.length();
1168: setState(State.HEADER_IN_VALUE);
1169: break;
1170: }
1171:
1172: if (ch==HttpTokens.SPACE || ch==HttpTokens.TAB)
1173: break;
1174:
1175: if (ch==HttpTokens.LINE_FEED)
1176: {
1177: if (_length > 0)
1178: {
1179: _value=null;
1180: _valueString=(_valueString==null)?takeString():(_valueString+" "+takeString());
1181: }
1182: setState(State.HEADER);
1183: break;
1184: }
1185:
1186: throw new IllegalCharacter(ch,buffer);
--------------------------------------------------------------------------------
Tested on: Microsoft Windows 7 Professional SP1 (EN)Microsoft Windows 7 Ultimate SP1 (EN)Ubuntu Linux 14.04Mac OS XHP-UX ItaniumJetty(9.2.z-SNAPSHOT)Java/1.8.0_73Java/1.8.0_66
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0525",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "titansma",
"scope": "eq",
"trust": 1.5,
"vendor": "nanometrics",
"version": "4.2.20"
},
{
"model": "titansma",
"scope": "lte",
"trust": 1.0,
"vendor": "nanometrics",
"version": "4.2.20"
},
{
"model": "centaur",
"scope": "lte",
"trust": 1.0,
"vendor": "nanometrics",
"version": "4.3.23"
},
{
"model": "centaur",
"scope": "eq",
"trust": 0.9,
"vendor": "nanometrics",
"version": "4.3.23"
},
{
"model": "nanometrics",
"scope": "eq",
"trust": 0.6,
"vendor": "nanometrics",
"version": "4.3.23"
},
{
"model": "centaur / titansma unauthenticated remote memory leak exploit",
"scope": "lt",
"trust": 0.1,
"vendor": "nanometrics",
"version": "centaur \u0026lt;= 4.3.23"
},
{
"model": "centaur / titansma unauthenticated remote memory leak exploit",
"scope": "lt",
"trust": 0.1,
"vendor": "nanometrics",
"version": "titansma \u0026lt;= 4.2.20"
},
{
"model": "ignition",
"scope": "eq",
"trust": 0.1,
"vendor": "inductive automation",
"version": "7.8.1 (b2016012216) and 7.8.0 (b2015101414)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2020-5562"
},
{
"db": "ZSL",
"id": "ZSL-2016-5306"
},
{
"db": "CNVD",
"id": "CNVD-2021-28723"
},
{
"db": "VULMON",
"id": "CVE-2020-12134"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004932"
},
{
"db": "NVD",
"id": "CVE-2020-12134"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:nanometrics:centaur",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nanometrics:titansma",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004932"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by byteGoblin",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2020-5562"
}
],
"trust": 0.1
},
"cve": "CVE-2020-12134",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-12134",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-004932",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-28723",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12134",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004932",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12134",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-004932",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-28723",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2084",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2020-5562",
"trust": 0.1,
"value": "(5/5)"
},
{
"author": "ZSL",
"id": "ZSL-2016-5306",
"trust": 0.1,
"value": "(3/5)"
},
{
"author": "VULMON",
"id": "CVE-2020-12134",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2020-5562"
},
{
"db": "ZSL",
"id": "ZSL-2016-5306"
},
{
"db": "CNVD",
"id": "CNVD-2021-28723"
},
{
"db": "VULMON",
"id": "CVE-2020-12134"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004932"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2084"
},
{
"db": "NVD",
"id": "CVE-2020-12134"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log. Nanometrics Centaur and TitanSMA Is vulnerable to a lack of resource release after a valid lifetime.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Nanometrics Centaur and Nanometrics TitanSMA are both data loggers from Nanometrics, Canada. \n\r\n\r\nThere are security vulnerabilities in Nanometrics Centaur 4.3.23 and earlier versions and TitanSMA 4.2.20 and earlier versions. No detailed vulnerability details are currently provided. The Centaur digital recorder is a portable geophysical sensing acquisition system that consists of a high-resolution 24-bit ADC, a precision GNSS-based clock, and removable storage capabilities. Its ease of use simplifies high performance geophysical sensing deployments in both remote and networked environments. Optimized for seismicity monitoring, the Centaur is also well-suited for infrasound and similar geophysical sensor recording applications requiring sample rates up to 5000 sps.\u003cbr/\u003e\u003cbr/\u003e The TitanSMA is a strong motion accelerograph designed for high precision observational and structural engineering applications, where scientists and engineers require exceptional dynamic range over a wide frequency band.An information disclosure vulnerability exists when Centaur and TitanSMA fail to properly protectcritical system logs such as \u0027syslog\u0027. Additionally, the implemented Jetty version (9.4.z-SNAPSHOT)suffers from a memory leak of shared buffers that was (supposedly) patched in Jetty version 9.2.9.v20150224.As seen in the aforementioned products, the \u0027patched\u0027 version is still vulnerable to the buffer leakage.Chaining these vulnerabilities allows an unauthenticated adversary to remotely send malicious HTTPpackets, and cause the shared buffer to \u0027bleed\u0027 contents of shared memory and store these in systemlogs. Accessing these unprotected logfiles reveal parts of the leaked buffer (up to 17 bytes per sentpacket) which can be combined to leak sensitive data which can be used to perform session hijackingand authentication bypass scenarios.Tested on: Jetty 9.4.z-SNAPSHOT. Ignition is a powerful industrial application platform withfully integrated development tools for building SCADA, MES, and IIoTsolutions.Remote unauthenticated atackers are able to read arbitrary datafrom other HTTP sessions because Ignition uses a vulnerable Jetty server.When the Jetty web server receives a HTTP request, the below code is usedto parse through the HTTP headers and their associated values. The serverbegins by looping through each character for a given header value and checksthe following:\u003cbr/\u003e\u003cbr/\u003e- On Line 1164, the server checks if the character is printable ASCII ornot a valid ASCII character.\u003cbr/\u003e- On Line 1172, the server checks if the character is a space or tab.\u003cbr/\u003e- On Line 1175, the server checks if the character is a line feed.\u003cbr/\u003e- If the character is non-printable ASCII (or less than 0x20), then allof the checks above are skipped over and the code throws an \u0027IllegalCharacter\u0027exception on line 1186, passing in the illegal character and a shared buffer.\u003cbr/\u003e\u003cbr/\u003e\t--------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003e\u003ccode\u003eFile: jetty-http\\src\\main\\java\\org\\eclipse\\jetty\\http\\HttpParser.java\u003cbr/\u003e---------------------------------------------------------------------------\u003cbr/\u003e920: protected boolean parseHeaders(ByteBuffer buffer)\u003cbr/\u003e921: {\u003cbr/\u003e[..snip..]\u003cbr/\u003e1163: case HEADER_VALUE:\u003cbr/\u003e1164: if (ch\u0026gt;HttpTokens.SPACE || ch\u0026lt;0)\u003cbr/\u003e1165: {\u003cbr/\u003e1166: _string.append((char)(0xff\u0026amp;ch));\u003cbr/\u003e1167: _length=_string.length();\u003cbr/\u003e1168: setState(State.HEADER_IN_VALUE);\u003cbr/\u003e1169: break;\u003cbr/\u003e1170: }\u003cbr/\u003e1171:\u003cbr/\u003e1172: if (ch==HttpTokens.SPACE || ch==HttpTokens.TAB)\u003cbr/\u003e1173: break;\u003cbr/\u003e1174:\u003cbr/\u003e1175: if (ch==HttpTokens.LINE_FEED)\u003cbr/\u003e1176: {\u003cbr/\u003e1177: if (_length \u0026gt; 0)\u003cbr/\u003e1178: {\u003cbr/\u003e1179: _value=null;\u003cbr/\u003e1180: _valueString=(_valueString==null)?takeString():(_valueString+\" \"+takeString());\u003cbr/\u003e1181: }\u003cbr/\u003e1182: setState(State.HEADER);\u003cbr/\u003e1183: break;\u003cbr/\u003e1184: }\u003cbr/\u003e1185:\u003cbr/\u003e1186: throw new IllegalCharacter(ch,buffer);\u003cbr/\u003e\u003c/code\u003e\u003cbr/\u003e\t--------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003eTested on: Microsoft Windows 7 Professional SP1 (EN)Microsoft Windows 7 Ultimate SP1 (EN)Ubuntu Linux 14.04Mac OS XHP-UX ItaniumJetty(9.2.z-SNAPSHOT)Java/1.8.0_73Java/1.8.0_66",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12134"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004932"
},
{
"db": "CNVD",
"id": "CNVD-2021-28723"
},
{
"db": "ZSL",
"id": "ZSL-2020-5562"
},
{
"db": "ZSL",
"id": "ZSL-2016-5306"
},
{
"db": "VULMON",
"id": "CVE-2020-12134"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/centaur3.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/ignition_bufferbleed.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2020-5562"
},
{
"db": "ZSL",
"id": "ZSL-2016-5306"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12134",
"trust": 3.2
},
{
"db": "ZSL",
"id": "ZSL-2020-5562",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004932",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-28723",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2084",
"trust": 0.6
},
{
"db": "ZSL",
"id": "ZSL-2016-5306",
"trust": 0.2
},
{
"db": "CXSECURITY",
"id": "WLB-2020020091",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156387",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "48098",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2015-2080",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "39455",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135804",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2016020156",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-12134",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2020-5562"
},
{
"db": "ZSL",
"id": "ZSL-2016-5306"
},
{
"db": "CNVD",
"id": "CNVD-2021-28723"
},
{
"db": "VULMON",
"id": "CVE-2020-12134"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004932"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2084"
},
{
"db": "NVD",
"id": "CVE-2020-12134"
}
]
},
"id": "VAR-202004-0525",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28723"
}
],
"trust": 1.4333333499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-28723"
}
]
},
"last_update_date": "2024-11-23T22:07:43.059000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.nanometrics.ca/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004932"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-772",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004932"
},
{
"db": "NVD",
"id": "CVE-2020-12134"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.zeroscience.mk/en/vulnerabilities/zsl-2020-5562.php"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12134"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2080"
},
{
"trust": 0.1,
"url": "https://www.zeroscience.mk/en/vulnerabilities/zsl-2016-5306.php"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/156387"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2020020091"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176352"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/48098"
},
{
"trust": 0.1,
"url": "http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html"
},
{
"trust": 0.1,
"url": "https://github.com/gdssecurity/jetleak-testing-script/blob/master/jetleak_tester.py"
},
{
"trust": 0.1,
"url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/advisories/2015-02-24-httpparser-error-buffer-bleed.md"
},
{
"trust": 0.1,
"url": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2080"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2016020156"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/135804"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/39455/"
},
{
"trust": 0.1,
"url": "http://www.vfocus.net/art/20160222/12576.html"
},
{
"trust": 0.1,
"url": "https://www.incibe.es/securityadvice/cert_en/early_warning/ics_advisories/fuga_datos_inductive_automation_ignition"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/772.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2020-5562"
},
{
"db": "ZSL",
"id": "ZSL-2016-5306"
},
{
"db": "CNVD",
"id": "CNVD-2021-28723"
},
{
"db": "VULMON",
"id": "CVE-2020-12134"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004932"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2084"
},
{
"db": "NVD",
"id": "CVE-2020-12134"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2020-5562"
},
{
"db": "ZSL",
"id": "ZSL-2016-5306"
},
{
"db": "CNVD",
"id": "CNVD-2021-28723"
},
{
"db": "VULMON",
"id": "CVE-2020-12134"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004932"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2084"
},
{
"db": "NVD",
"id": "CVE-2020-12134"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-15T00:00:00",
"db": "ZSL",
"id": "ZSL-2020-5562"
},
{
"date": "2016-02-16T00:00:00",
"db": "ZSL",
"id": "ZSL-2016-5306"
},
{
"date": "2021-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-28723"
},
{
"date": "2020-04-24T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12134"
},
{
"date": "2020-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004932"
},
{
"date": "2020-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2084"
},
{
"date": "2020-04-24T01:15:11.367000",
"db": "NVD",
"id": "CVE-2020-12134"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-26T00:00:00",
"db": "ZSL",
"id": "ZSL-2020-5562"
},
{
"date": "2016-02-22T00:00:00",
"db": "ZSL",
"id": "ZSL-2016-5306"
},
{
"date": "2021-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-28723"
},
{
"date": "2020-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12134"
},
{
"date": "2020-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004932"
},
{
"date": "2020-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2084"
},
{
"date": "2024-11-21T04:59:19.137000",
"db": "NVD",
"id": "CVE-2020-12134"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2084"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nanometrics Centaur and TitanSMA Vulnerability regarding lack of resource release after valid lifetime in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004932"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2084"
}
],
"trust": 0.6
}
}
var-201504-0066
Vulnerability from variot
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0066",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ignition",
"scope": "eq",
"trust": 1.6,
"vendor": "inductiveautomation",
"version": "7.7.2"
},
{
"model": "automation ignition",
"scope": "eq",
"trust": 0.9,
"vendor": "inductive",
"version": "7.7.2"
},
{
"model": "ignition",
"scope": "eq",
"trust": 0.8,
"vendor": "inductive automation",
"version": "7.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ignition",
"version": "7.7.2"
}
],
"sources": [
{
"db": "IVD",
"id": "98e9dfd2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02158"
},
{
"db": "BID",
"id": "73475"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002074"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-056"
},
{
"db": "NVD",
"id": "CVE-2015-0995"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:inductiveautomation:ignition",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002074"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai of Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "73475"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0995",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-0995",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-02158",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "98e9dfd2-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0995",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-0995",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-02158",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-056",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "98e9dfd2-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0995",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "98e9dfd2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02158"
},
{
"db": "VULMON",
"id": "CVE-2015-0995"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002074"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-056"
},
{
"db": "NVD",
"id": "CVE-2015-0995"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation. \nAn attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0995"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002074"
},
{
"db": "CNVD",
"id": "CNVD-2015-02158"
},
{
"db": "BID",
"id": "73475"
},
{
"db": "IVD",
"id": "98e9dfd2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2015-0995"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0995",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-090-01",
"trust": 3.4
},
{
"db": "CNVD",
"id": "CNVD-2015-02158",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-056",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002074",
"trust": 0.8
},
{
"db": "BID",
"id": "73475",
"trust": 0.4
},
{
"db": "IVD",
"id": "98E9DFD2-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2015-0995",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "98e9dfd2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02158"
},
{
"db": "VULMON",
"id": "CVE-2015-0995"
},
{
"db": "BID",
"id": "73475"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002074"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-056"
},
{
"db": "NVD",
"id": "CVE-2015-0995"
}
]
},
"id": "VAR-201504-0066",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "98e9dfd2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02158"
}
],
"trust": 1.53125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "98e9dfd2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02158"
}
]
},
"last_update_date": "2024-11-23T21:44:19.818000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Downloads",
"trust": 0.8,
"url": "https://www.inductiveautomation.com/downloads/ignition"
},
{
"title": "Inductive Automation Ignition patch for brute force vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/56893"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02158"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002074"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002074"
},
{
"db": "NVD",
"id": "CVE-2015-0995"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-090-01"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0995"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0995"
},
{
"trust": 0.3,
"url": "https://www.inductiveautomation.com/downloads/ignition"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/73475"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02158"
},
{
"db": "VULMON",
"id": "CVE-2015-0995"
},
{
"db": "BID",
"id": "73475"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002074"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-056"
},
{
"db": "NVD",
"id": "CVE-2015-0995"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "98e9dfd2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02158"
},
{
"db": "VULMON",
"id": "CVE-2015-0995"
},
{
"db": "BID",
"id": "73475"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002074"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-056"
},
{
"db": "NVD",
"id": "CVE-2015-0995"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "IVD",
"id": "98e9dfd2-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02158"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0995"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73475"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002074"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-056"
},
{
"date": "2015-04-03T10:59:17.347000",
"db": "NVD",
"id": "CVE-2015-0995"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02158"
},
{
"date": "2015-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0995"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73475"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002074"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-056"
},
{
"date": "2024-11-21T02:24:06.197000",
"db": "NVD",
"id": "CVE-2015-0995"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-056"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inductive Automation Ignition Vulnerabilities that gain access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002074"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trust management",
"sources": [
{
"db": "IVD",
"id": "98e9dfd2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-056"
}
],
"trust": 0.8
}
}
var-201504-0078
Vulnerability from variot
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0078",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ignition",
"scope": "eq",
"trust": 1.6,
"vendor": "inductiveautomation",
"version": "7.7.2"
},
{
"model": "automation ignition",
"scope": "eq",
"trust": 0.9,
"vendor": "inductive",
"version": "7.7.2"
},
{
"model": "ignition",
"scope": "eq",
"trust": 0.8,
"vendor": "inductive automation",
"version": "7.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ignition",
"version": "7.7.2"
}
],
"sources": [
{
"db": "IVD",
"id": "98e422d6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02155"
},
{
"db": "BID",
"id": "73469"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002071"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-053"
},
{
"db": "NVD",
"id": "CVE-2015-0992"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:inductiveautomation:ignition",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002071"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai of Positive Technologies",
"sources": [
{
"db": "BID",
"id": "73469"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0992",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2015-0992",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2015-02155",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "98e422d6-2351-11e6-abef-000c29c66e3d",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0992",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2015-0992",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2015-02155",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-053",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "98e422d6-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "98e422d6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02155"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002071"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-053"
},
{
"db": "NVD",
"id": "CVE-2015-0992"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. Ignition is an updated version of FactoryPMI, Human Interface/SCADA, from Inductive Automation",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0992"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002071"
},
{
"db": "CNVD",
"id": "CNVD-2015-02155"
},
{
"db": "BID",
"id": "73469"
},
{
"db": "IVD",
"id": "98e422d6-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0992",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-090-01",
"trust": 2.7
},
{
"db": "CNVD",
"id": "CNVD-2015-02155",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-053",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002071",
"trust": 0.8
},
{
"db": "BID",
"id": "73469",
"trust": 0.3
},
{
"db": "IVD",
"id": "98E422D6-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "98e422d6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02155"
},
{
"db": "BID",
"id": "73469"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002071"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-053"
},
{
"db": "NVD",
"id": "CVE-2015-0992"
}
]
},
"id": "VAR-201504-0078",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "98e422d6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02155"
}
],
"trust": 1.53125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "98e422d6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02155"
}
]
},
"last_update_date": "2024-11-23T21:44:19.856000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Downloads",
"trust": 0.8,
"url": "https://www.inductiveautomation.com/downloads/ignition"
},
{
"title": "Patch for Inductive Automation Ignition Information Disclosure Vulnerability (CNVD-2015-02155)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/56898"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02155"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002071"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002071"
},
{
"db": "NVD",
"id": "CVE-2015-0992"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-090-01"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0992"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0992"
},
{
"trust": 0.3,
"url": "https://www.inductiveautomation.com/downloads/ignition"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02155"
},
{
"db": "BID",
"id": "73469"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002071"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-053"
},
{
"db": "NVD",
"id": "CVE-2015-0992"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "98e422d6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02155"
},
{
"db": "BID",
"id": "73469"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002071"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-053"
},
{
"db": "NVD",
"id": "CVE-2015-0992"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "IVD",
"id": "98e422d6-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02155"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73469"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002071"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-053"
},
{
"date": "2015-04-03T10:59:14.413000",
"db": "NVD",
"id": "CVE-2015-0992"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02155"
},
{
"date": "2015-03-31T00:00:00",
"db": "BID",
"id": "73469"
},
{
"date": "2015-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002071"
},
{
"date": "2015-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-053"
},
{
"date": "2024-11-21T02:24:05.870000",
"db": "NVD",
"id": "CVE-2015-0992"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "73469"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-053"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inductive Automation Ignition Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002071"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-053"
}
],
"trust": 0.6
}
}
CVE-2022-35873 (GCVE-0-2022-35873)
Vulnerability from cvelistv5
Published
2022-07-25 18:17
Modified
2024-08-03 09:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-356 - Product UI does not Warn User of Unsafe Actions
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-1020/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.15 (b2022030114) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.15 (b2022030114)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "20urdjk"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T18:17:01",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2022-35873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ignition",
"version": {
"version_data": [
{
"version_value": "8.1.15 (b2022030114)"
}
]
}
}
]
},
"vendor_name": "Inductive Automation"
}
]
}
},
"credit": "20urdjk",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-356: Product UI does not Warn User of Unsafe Actions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities",
"refsource": "MISC",
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-35873",
"datePublished": "2022-07-25T18:17:01",
"dateReserved": "2022-07-14T00:00:00",
"dateUpdated": "2024-08-03T09:44:22.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38122 (GCVE-0-2023-38122)
Vulnerability from cvelistv5
Published
2024-05-03 01:59
Modified
2024-08-02 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Summary
Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-20539.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1013/ | x_research-advisory | |
| https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.24 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:8.1.24:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"status": "affected",
"version": "8.1.24"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38122",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:46:07.517841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T21:01:09.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:13.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1013",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1013/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.24"
}
]
}
],
"dateAssigned": "2023-07-12T10:35:24.997-05:00",
"datePublic": "2023-08-01T09:07:46.401-05:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-20539."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:19.031Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1013",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1013/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security"
}
],
"source": {
"lang": "en",
"value": "20urdjk"
},
"title": "Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-38122",
"datePublished": "2024-05-03T01:59:19.031Z",
"dateReserved": "2023-07-12T15:22:20.623Z",
"dateUpdated": "2024-08-02T17:30:13.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1264 (GCVE-0-2022-1264)
Vulnerability from cvelistv5
Published
2022-07-20 15:34
Modified
2025-04-16 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-03 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: All 8.1 versions 8.1.10 Version: 8.0.4 < All 8.0 versions* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:51:07.081388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:14:44.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "All 8.1 versions 8.1.10"
},
{
"lessThan": "All 8.0 versions*",
"status": "affected",
"version": "8.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mashav Sapir of Claroty reported this vulnerability to CISA"
}
],
"datePublic": "2022-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T15:34:59.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-03"
}
],
"solutions": [
{
"lang": "en",
"value": "Inductive Automation recommends users upgrade the Ignition software to 8.1.10 or later."
}
],
"source": {
"advisory": "ICSA-22-102-03",
"discovery": "UNKNOWN"
},
"title": "Inductive Automation Ignition",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-04-12T17:00:00.000Z",
"ID": "CVE-2022-1264",
"STATE": "PUBLIC",
"TITLE": "Inductive Automation Ignition"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ignition",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "All 8.0 versions",
"version_value": "8.0.4"
},
{
"version_name": "All 8.1 versions",
"version_value": "8.1.10"
}
]
}
}
]
},
"vendor_name": "Inductive Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mashav Sapir of Claroty reported this vulnerability to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "Inductive Automation recommends users upgrade the Ignition software to 8.1.10 or later."
}
],
"source": {
"advisory": "ICSA-22-102-03",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1264",
"datePublished": "2022-07-20T15:34:59.675Z",
"dateReserved": "2022-04-06T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:14:44.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50218 (GCVE-0-2023-50218)
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.
The specific flaw exists within the ModuleInvoke class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21624.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1813/ | x_research-advisory | |
| https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.30 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:8.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"status": "affected",
"version": "8.1.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50218",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T20:56:49.694175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:58.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1813",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1813/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.30"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.662-06:00",
"datePublic": "2024-01-05T08:56:04.085-06:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the ModuleInvoke class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21624."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:38.394Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1813",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1813/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"source": {
"lang": "en",
"value": "Nguyen Quoc Viet (Petrus Viet) of VNG Security Researcher"
},
"title": "Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50218",
"datePublished": "2024-05-03T02:14:38.394Z",
"dateReserved": "2023-12-05T16:15:17.542Z",
"dateUpdated": "2024-08-02T22:09:49.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38124 (GCVE-0-2023-38124)
Vulnerability from cvelistv5
Published
2024-05-03 01:59
Modified
2024-08-02 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-749 - Exposed Dangerous Method or Function
Summary
Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.
The specific flaw exists within the Ignition Gateway server. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20541.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1015/ | x_research-advisory | |
| https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.24 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T17:29:25.520163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:56.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1015",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1015/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.24"
}
]
}
],
"dateAssigned": "2023-07-12T10:35:25.013-05:00",
"datePublic": "2023-08-01T09:08:05.021-05:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the Ignition Gateway server. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20541."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:20.496Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1015",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1015/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security"
}
],
"source": {
"lang": "en",
"value": "20urdjk"
},
"title": "Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-38124",
"datePublished": "2024-05-03T01:59:20.496Z",
"dateReserved": "2023-07-12T15:22:20.623Z",
"dateUpdated": "2024-08-02T17:30:14.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50219 (GCVE-0-2023-50219)
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.
The specific flaw exists within the RunQuery class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21625.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-014/ | x_research-advisory | |
| https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.30 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"status": "affected",
"version": "8.1.30"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50219",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T20:15:14.831755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:51.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-014",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-014/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.30"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.667-06:00",
"datePublic": "2024-01-05T09:00:05.498-06:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the RunQuery class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21625."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:39.147Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-014",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-014/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"source": {
"lang": "en",
"value": "Nguyen Quoc Viet (Petrus Viet) of VNG Security Researcher"
},
"title": "Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50219",
"datePublished": "2024-05-03T02:14:39.147Z",
"dateReserved": "2023-12-05T16:15:17.542Z",
"dateUpdated": "2024-08-02T22:09:49.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50221 (GCVE-0-2023-50221)
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server.
The specific flaw exists within the ResponseParser method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-21926.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-016/ | x_research-advisory | |
| https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.31 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"status": "affected",
"version": "8.1.31"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:58:04.180966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T20:01:39.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-016",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-016/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.31"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.678-06:00",
"datePublic": "2024-01-05T09:00:17.168-06:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server.\n\nThe specific flaw exists within the ResponseParser method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-21926."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:40.701Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-016",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-016/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"source": {
"lang": "en",
"value": "Nguyen Quoc Viet (Petrus Viet) of VNG Security Researcher"
},
"title": "Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50221",
"datePublished": "2024-05-03T02:14:40.701Z",
"dateReserved": "2023-12-05T16:15:17.542Z",
"dateUpdated": "2024-08-02T22:09:49.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35872 (GCVE-0-2022-35872)
Vulnerability from cvelistv5
Published
2022-07-25 18:16
Modified
2024-08-03 09:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17115.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-1019/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.15 (b2022030114) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1019/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.15 (b2022030114)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Piotr Bazydlo (@chudypb)"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17115."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T18:16:47",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1019/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2022-35872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ignition",
"version": {
"version_data": [
{
"version_value": "8.1.15 (b2022030114)"
}
]
}
}
]
},
"vendor_name": "Inductive Automation"
}
]
}
},
"credit": "Piotr Bazydlo (@chudypb)",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17115."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities",
"refsource": "MISC",
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1019/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1019/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-35872",
"datePublished": "2022-07-25T18:16:47",
"dateReserved": "2022-07-14T00:00:00",
"dateUpdated": "2024-08-03T09:44:22.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50222 (GCVE-0-2023-50222)
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server.
The specific flaw exists within the ResponseParser method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22067.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-017/ | x_research-advisory | |
| https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.31 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"status": "affected",
"version": "8.1.31"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50222",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T21:03:47.740884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:59.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-017",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-017/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.31"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.686-06:00",
"datePublic": "2024-01-05T09:00:22.033-06:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server.\n\nThe specific flaw exists within the ResponseParser method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22067."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:41.474Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-017",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-017/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"source": {
"lang": "en",
"value": "Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative"
},
"title": "Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50222",
"datePublished": "2024-05-03T02:14:41.474Z",
"dateReserved": "2023-12-05T16:15:17.542Z",
"dateUpdated": "2024-08-02T22:09:49.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38123 (GCVE-0-2023-38123)
Vulnerability from cvelistv5
Published
2024-05-03 01:59
Modified
2024-08-02 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the server configuration. The issue results from the lack of authentication prior to allowing access to password change functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20540.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1014/ | x_research-advisory | |
| https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.24 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"status": "affected",
"version": "8.1.24"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T18:20:26.377240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:11.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1014",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1014/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.24"
}
]
}
],
"dateAssigned": "2023-07-12T10:35:25.007-05:00",
"datePublic": "2023-08-01T09:07:57.002-05:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the server configuration. The issue results from the lack of authentication prior to allowing access to password change functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20540."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:19.765Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1014",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1014/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security"
}
],
"source": {
"lang": "en",
"value": "20urdjk"
},
"title": "Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-38123",
"datePublished": "2024-05-03T01:59:19.765Z",
"dateReserved": "2023-07-12T15:22:20.623Z",
"dateUpdated": "2024-08-02T17:30:14.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35871 (GCVE-0-2022-35871)
Vulnerability from cvelistv5
Published
2022-07-25 18:16
Modified
2024-08-03 09:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-1018/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.15 (b2022030114) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.15 (b2022030114)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daan Keuper \u0026 Thijs Alkemade from Computest"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T18:16:39",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2022-35871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ignition",
"version": {
"version_data": [
{
"version_value": "8.1.15 (b2022030114)"
}
]
}
}
]
},
"vendor_name": "Inductive Automation"
}
]
}
},
"credit": "Daan Keuper \u0026 Thijs Alkemade from Computest",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities",
"refsource": "MISC",
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1018/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-35871",
"datePublished": "2022-07-25T18:16:39",
"dateReserved": "2022-07-14T00:00:00",
"dateUpdated": "2024-08-03T09:44:22.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35870 (GCVE-0-2022-35870)
Vulnerability from cvelistv5
Published
2022-07-25 18:16
Modified
2024-08-03 09:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-1017/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.15 (b2022030114) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1017/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.15 (b2022030114)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@_s_n_t of @pentestltd"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T18:16:35",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1017/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2022-35870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ignition",
"version": {
"version_data": [
{
"version_value": "8.1.15 (b2022030114)"
}
]
}
}
]
},
"vendor_name": "Inductive Automation"
}
]
}
},
"credit": "@_s_n_t of @pentestltd",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities",
"refsource": "MISC",
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1017/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1017/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-35870",
"datePublished": "2022-07-25T18:16:35",
"dateReserved": "2022-07-14T00:00:00",
"dateUpdated": "2024-08-03T09:44:22.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39474 (GCVE-0-2023-39474)
Vulnerability from cvelistv5
Published
2024-05-03 02:10
Modified
2024-09-18 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-494 - Download of Code Without Integrity Check
Summary
Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server.
The specific flaw exists within the downloadLaunchClientJar function. The issue results from the lack of validating a remote JAR file prior to loading it. An attacker can leverage this vulnerability to execute code in the context of the current user.
. Was ZDI-CAN-19915.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1049/ | x_research-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.24-RC / 1.1.24-RC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:35:35.328270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:35:38.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:21.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1049",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1049/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.24-RC / 1.1.24-RC"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.493-05:00",
"datePublic": "2023-08-08T09:49:25.873-05:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server.\n\nThe specific flaw exists within the downloadLaunchClientJar function. The issue results from the lack of validating a remote JAR file prior to loading it. An attacker can leverage this vulnerability to execute code in the context of the current user.\n. Was ZDI-CAN-19915."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494: Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:37.407Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1049",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1049/"
}
],
"source": {
"lang": "en",
"value": "Nguy\u1ec5n Ti\u1ebfn Giang (Jang) of STAR Labs SG Pte. Ltd."
},
"title": "Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39474",
"datePublished": "2024-05-03T02:10:40.714Z",
"dateReserved": "2023-08-02T21:37:23.124Z",
"dateUpdated": "2024-09-18T18:29:37.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50233 (GCVE-0-2023-50233)
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server.
The specific flaw exists within the getJavaExecutable method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22029.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-185/ | x_research-advisory | |
| https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.31 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:8.1.31:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"status": "affected",
"version": "8.1.31"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50233",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T14:09:00.610715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T21:03:14.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-185",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-185/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.31"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.749-06:00",
"datePublic": "2024-02-21T13:14:57.983-06:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server.\n\nThe specific flaw exists within the getJavaExecutable method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22029."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:49.645Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-185",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-185/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"source": {
"lang": "en",
"value": "Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative"
},
"title": "Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50233",
"datePublished": "2024-05-03T02:14:49.645Z",
"dateReserved": "2023-12-05T16:15:17.545Z",
"dateUpdated": "2024-08-02T22:09:49.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38121 (GCVE-0-2023-38121)
Vulnerability from cvelistv5
Published
2024-05-03 01:59
Modified
2024-08-02 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of the id parameter provided to the Inductive Automation Ignition web interface. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20355.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1012/ | x_research-advisory | |
| https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.24 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:8.1.24:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"status": "affected",
"version": "8.1.24"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T14:12:50.388895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T20:29:46.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1012",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1012/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.24"
}
]
}
],
"dateAssigned": "2023-07-12T10:35:24.991-05:00",
"datePublic": "2023-08-01T09:07:38.431-05:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the id parameter provided to the Inductive Automation Ignition web interface. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20355."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:59:18.329Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1012",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1012/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security"
}
],
"source": {
"lang": "en",
"value": "20urdjk"
},
"title": "Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-38121",
"datePublished": "2024-05-03T01:59:18.329Z",
"dateReserved": "2023-07-12T15:22:20.623Z",
"dateUpdated": "2024-08-02T17:30:14.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35869 (GCVE-0-2022-35869)
Vulnerability from cvelistv5
Published
2022-07-25 18:16
Modified
2024-08-03 09:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-22-1016/ | x_refsource_MISC | |
| https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.15 (b2022030114) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1016/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.15 (b2022030114)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "@_s_n_t of @pentestltd"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T18:16:27",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1016/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2022-35869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ignition",
"version": {
"version_data": [
{
"version_value": "8.1.15 (b2022030114)"
}
]
}
}
]
},
"vendor_name": "Inductive Automation"
}
]
}
},
"credit": "@_s_n_t of @pentestltd",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1016/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1016/"
},
{
"name": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities",
"refsource": "MISC",
"url": "https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-35869",
"datePublished": "2022-07-25T18:16:27",
"dateReserved": "2022-07-14T00:00:00",
"dateUpdated": "2024-08-03T09:44:22.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50232 (GCVE-0-2023-50232)
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Summary
Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server.
The specific flaw exists within the getParams method. The issue results from the lack of proper validation of a user-supplied string before using it to prepare an argument for a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22028.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-184/ | x_research-advisory | |
| https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.31 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:8.1.31:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"lessThan": "8.1.35",
"status": "affected",
"version": "8.1.31",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T19:21:19.849756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T19:25:30.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-184",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-184/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.31"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.744-06:00",
"datePublic": "2024-02-21T13:14:52.766-06:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server.\n\nThe specific flaw exists within the getParams method. The issue results from the lack of proper validation of a user-supplied string before using it to prepare an argument for a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22028."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:48.881Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-184",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-184/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"source": {
"lang": "en",
"value": "Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative"
},
"title": "Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50232",
"datePublished": "2024-05-03T02:14:48.881Z",
"dateReserved": "2023-12-05T16:15:17.545Z",
"dateUpdated": "2024-08-02T22:09:49.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39472 (GCVE-0-2023-39472)
Vulnerability from cvelistv5
Published
2024-05-03 02:10
Modified
2024-08-02 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Summary
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.
The specific flaw exists within the SimpleXMLReader class. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the SYSTEM.
. Was ZDI-CAN-17571.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1048/ | x_research-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.17 LTS |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"status": "affected",
"version": "8.1.17 LTS"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T18:22:51.863259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:10.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1048",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1048/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.17 LTS"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.483-05:00",
"datePublic": "2023-08-08T09:49:22.244-05:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the SimpleXMLReader class. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the SYSTEM.\n. Was ZDI-CAN-17571."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-09T22:21:06.255Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1048",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1048/"
}
],
"source": {
"lang": "en",
"value": "Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative"
},
"title": "Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39472",
"datePublished": "2024-05-03T02:10:39.196Z",
"dateReserved": "2023-08-02T21:37:23.124Z",
"dateUpdated": "2024-08-02T18:10:20.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1704 (GCVE-0-2022-1704)
Vulnerability from cvelistv5
Published
2022-08-05 15:25
Modified
2025-04-16 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Summary
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1 < Version: All < 7.9.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:51.760136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:13:45.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"lessThanOrEqual": "8.1.7",
"status": "affected",
"version": "8.1",
"versionType": "custom"
},
{
"lessThan": "7.9.21",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Keval Shah reported this vulnerability to CISA"
}
],
"datePublic": "2022-07-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:25:19.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-01"
}
],
"solutions": [
{
"lang": "en",
"value": "Inductive Automation recommends users upgrade the Ignition software to the latest version:\n\nInductive Automation Ignition: Version 8.1.9 or later\nInductive Automation Ignition: Version 7.9.21 or later"
}
],
"source": {
"advisory": "ICSA-22-207-01",
"discovery": "EXTERNAL"
},
"title": "Inductive Automation Ignition",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-07-26T17:00:00.000Z",
"ID": "CVE-2022-1704",
"STATE": "PUBLIC",
"TITLE": "Inductive Automation Ignition"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ignition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "8.1",
"version_value": "8.1.7"
},
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "7.9.21"
}
]
}
}
]
},
"vendor_name": "Inductive Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Keval Shah reported this vulnerability to CISA"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "Inductive Automation recommends users upgrade the Ignition software to the latest version:\n\nInductive Automation Ignition: Version 8.1.9 or later\nInductive Automation Ignition: Version 7.9.21 or later"
}
],
"source": {
"advisory": "ICSA-22-207-01",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1704",
"datePublished": "2022-08-05T15:25:19.220Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:13:45.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39476 (GCVE-0-2023-39476)
Vulnerability from cvelistv5
Published
2024-05-03 02:10
Modified
2024-08-02 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the JavaSerializationCodec class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20291.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1046/ | x_research-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.25 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"lessThan": "8.1.35",
"status": "affected",
"version": "8.1.22",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39476",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T17:03:23.809391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T20:59:53.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1046",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1046/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.25"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.504-05:00",
"datePublic": "2023-08-08T09:49:12.720-05:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the JavaSerializationCodec class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20291."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:42.122Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1046",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1046/"
}
],
"source": {
"lang": "en",
"value": "Rocco Calvi (@TecR0c) and Steven Seeley (mr_me) of Incite Team"
},
"title": "Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39476",
"datePublished": "2024-05-03T02:10:42.122Z",
"dateReserved": "2023-08-02T21:37:23.124Z",
"dateUpdated": "2024-08-02T18:10:20.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50223 (GCVE-0-2023-50223)
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.
The specific flaw exists within the ExtendedDocumentCodec class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22127.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-018/ | x_research-advisory | |
| https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 6.4.1.207 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"status": "affected",
"version": "6.4.1.207"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T16:48:13.947162Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:05:08.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-018",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-018/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "6.4.1.207"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.691-06:00",
"datePublic": "2024-01-05T09:00:27.138-06:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the ExtendedDocumentCodec class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22127."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:42.233Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-018",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-018/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"source": {
"lang": "en",
"value": "Andy Niu of Trend Micro Security Research"
},
"title": "Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50223",
"datePublished": "2024-05-03T02:14:42.233Z",
"dateReserved": "2023-12-05T16:15:17.542Z",
"dateUpdated": "2024-08-02T22:09:49.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50220 (GCVE-0-2023-50220)
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.
The specific flaw exists within the Base64Element class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21801.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-015/ | x_research-advisory | |
| https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.30 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:8.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"status": "affected",
"version": "8.1.30"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T18:14:54.610553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:50.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-015",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-015/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.30"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.672-06:00",
"datePublic": "2024-01-05T09:00:11.022-06:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the Base64Element class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21801."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:39.917Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-015",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-015/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b"
}
],
"source": {
"lang": "en",
"value": "Nguyen Quoc Viet (Petrus Viet) of VNG Security Researcher"
},
"title": "Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50220",
"datePublished": "2024-05-03T02:14:39.917Z",
"dateReserved": "2023-12-05T16:15:17.542Z",
"dateUpdated": "2024-08-02T22:09:49.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39475 (GCVE-0-2023-39475)
Vulnerability from cvelistv5
Published
2024-05-03 02:10
Modified
2024-08-02 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ParameterVersionJavaSerializationCodec class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20290.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1047/ | x_research-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.25 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"lessThan": "8.1.35",
"status": "affected",
"version": "8.1.22",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39475",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T17:00:31.612223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T20:59:42.213Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1047",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1047/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.25"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.499-05:00",
"datePublic": "2023-08-08T09:49:17.670-05:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the ParameterVersionJavaSerializationCodec class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20290."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:41.406Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1047",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1047/"
}
],
"source": {
"lang": "en",
"value": "Rocco Calvi (@TecR0c) and Steven Seeley (mr_me) of Incite Team"
},
"title": "Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39475",
"datePublished": "2024-05-03T02:10:41.406Z",
"dateReserved": "2023-08-02T21:37:23.124Z",
"dateUpdated": "2024-08-02T18:10:20.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39477 (GCVE-0-2023-39477)
Vulnerability from cvelistv5
Published
2024-05-03 02:10
Modified
2024-08-02 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')
Summary
Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1050/ | x_research-advisory | |
| https://inductiveautomation.com/downloads/releasenotes/8.1.33 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: 8.1.24 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:8.1.24:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"status": "affected",
"version": "8.1.24"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T15:47:53.751712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T17:35:42.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1050",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1050/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://inductiveautomation.com/downloads/releasenotes/8.1.33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "8.1.24"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.510-05:00",
"datePublic": "2023-08-08T09:49:31.561-05:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20499."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:42.854Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1050",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1050/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://inductiveautomation.com/downloads/releasenotes/8.1.33"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Vens, Sharon Brizinov"
},
"title": "Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39477",
"datePublished": "2024-05-03T02:10:42.854Z",
"dateReserved": "2023-08-02T21:37:23.124Z",
"dateUpdated": "2024-08-02T18:10:20.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39473 (GCVE-0-2023-39473)
Vulnerability from cvelistv5
Published
2024-05-03 02:10
Modified
2024-09-18 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.
The specific flaw exists within the AbstractGatewayFunction class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
. Was ZDI-CAN-17587.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1045/ | x_research-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inductive Automation | Ignition |
Version: Inductive Automation Ignition 8.1.17 LTS |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:inductiveautomation:ignition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ignition",
"vendor": "inductiveautomation",
"versions": [
{
"lessThan": "8.1.35",
"status": "affected",
"version": "8.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T17:14:05.364540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T21:00:08.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1045",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1045/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ignition",
"vendor": "Inductive Automation",
"versions": [
{
"status": "affected",
"version": "Inductive Automation Ignition 8.1.17 LTS"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.488-05:00",
"datePublic": "2023-08-08T09:49:09.386-05:00",
"descriptions": [
{
"lang": "en",
"value": "Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the AbstractGatewayFunction class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.\n. Was ZDI-CAN-17587."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:36.706Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1045",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1045/"
}
],
"source": {
"lang": "en",
"value": "Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative"
},
"title": "Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39473",
"datePublished": "2024-05-03T02:10:39.937Z",
"dateReserved": "2023-08-02T21:37:23.124Z",
"dateUpdated": "2024-09-18T18:29:36.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}