Inductiveautomation: >> Ignition >> 8.1.4 Security Vulnerabilities
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.
CVSS Score
6.8
EPSS Score
0.008
Published
2022-07-20
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.
CVSS Score
7.2
EPSS Score
0.019
Published
2022-07-16
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.
CVSS Score
9.8
EPSS Score
0.016
Published
2022-07-15
Page 3