Description
Multiple serious vulnerabilities have been found in Inductive Automation Ignition. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or inject arbitrary code.
Below is a complete list of vulnerabilities:
- Improper password handling can be exploited remotely via unknown vectors;
- An unknown vulnerability can be exploited remotely via specially designed session IDs;
- Improper session handling can be exploited remotely via vectors related to the logout action;
- Improper storage of server credentials and another unknown vulnerability can be exploited remotely via manipulation of error messages;
- An XSS vulnerability can be exploited remotely via unspecified vectors.
CVE list
- CVE-2015-0992 warning
- CVE-2015-0991 critical
- CVE-2015-0976 warning
- CVE-2015-0995 critical
- CVE-2015-0994 warning
- CVE-2015-0993 high