inductiveautomation ignition
41 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-50233
>= 8.1.0 and < 8.1.33
Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows
8.8
HIGH
CVE-2023-50232
>= 8.1.0 and < 8.1.33
Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote a
8.8
HIGH
CVE-2023-50223
>= 8.1.0 and < 8.1.35
Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vu
8.8
HIGH
CVE-2023-50222
>= 8.1.0 and < 8.1.35
Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability. T
8.8
HIGH
CVE-2023-50221
>= 8.1.0 and < 8.1.35
Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerabil
8.8
HIGH
CVE-2023-50220
>= 8.1.0 and < 8.1.35
Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerabil
8.8
HIGH
CVE-2023-50219
>= 8.1.0 and < 8.1.35
Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability a
8.8
HIGH
CVE-2023-50218
>= 8.1.0 and < 8.1.35
Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerabili
8.8
HIGH
CVE-2023-39477
>= 8.1.0 and < 8.1.33
Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remo
7.5
HIGH
CVE-2023-39476
>= 8.1.0 and < 8.1.35
Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This v
9.8
CRITICAL
CVE-2023-39475
>= 8.1.0 and < 8.1.35
Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulne
9.8
CRITICAL
CVE-2023-39474
>= 8.1.0 and < 8.1.35
Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attack
8.8
HIGH
CVE-2023-39473
>= 8.1.0 and < 8.1.35
Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This
8.8
HIGH
CVE-2023-39472
>= 8.1.0 and < 8.1.32
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerabil
6.5
MEDIUM
CVE-2023-38124
< 8.1.26
Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability.
8.8
HIGH
CVE-2023-38123
< 8.1.26
Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability
8.8
HIGH
CVE-2023-38122
< 8.1.26
Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnera
7.2
HIGH
CVE-2023-38121
< 8.1.26
Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability all
9.0
CRITICAL
CVE-2022-1704
>= 7.9.0 and < 7.9.21
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, w
7.6
HIGH
CVE-2022-35873
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.
7.8
HIGH
CVE-2022-35872
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.
7.8
HIGH
CVE-2022-35871
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.
7.8
HIGH
CVE-2022-35870
all versions
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.
7.8
HIGH
CVE-2022-35869
all versions
This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1
9.8
CRITICAL
CVE-2022-1264
>= 8.0.4 and < 8.1.10
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.
6.8
MEDIUM
CVE-2022-36126
< 7.9.20
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows rem
7.2
HIGH
CVE-2022-35890
< 7.9.20
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session I
9.8
CRITICAL
CVE-2022-1706
< 2.14.0
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware
6.5
MEDIUM
CVE-2020-14479
>= 7.0.0 and < 7.9.14
Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentic
5.3
MEDIUM
CVE-2021-43996
< 1.6.15
The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a "fix variable names" feature that can lead to inc
9.8
CRITICAL
CVE-2021-24220
< 2.0.0
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus
9.1
CRITICAL
CVE-2021-24219
< 2.0.0
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer
5.3
MEDIUM
CVE-2021-3129
< 2.5.2
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code be
9.8
CRITICAL
CVE-2020-13909
>= 1.0.0 and < 1.16.15
The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. NOTE: in the 1.x series, versi
9.8
CRITICAL
CVE-2015-0995
all versions
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain acce
CVE-2015-0994
all versions
Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using differ
CVE-2015-0993
all versions
Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass int
CVE-2015-0992
all versions
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive informat
CVE-2015-0991
all versions
Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an u
CVE-2015-0976
all versions
Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web sc
CVE-2009-4426
all versions
Multiple directory traversal vulnerabilities in Ignition 1.2, when magic_quotes_gpc is disabled, allow remote attackers to include
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin