Описание
Multiple serious vulnerabilities have been found in Inductive Automation Ignition. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or inject arbitrary code.
Below is a complete list of vulnerabilities
- Improper passwords handling can be exploited remotely via an unknown vectors;
- An unknown vulnerability can be exploited remotely vai a specially designed session ID’s;
- Improper session handling can be exploited remotely via vectors related to logout action;
- Improper Server credentials storaging and other unknown vulnerability can be exploited remotely via error messages manipulation;
- XSS vulnerability can be exploited remotely via an unspecified vectors.
Первичный источник обнаружения
Связанные продукты
Список CVE
- CVE-2015-0992 warning
- CVE-2015-0991 critical
- CVE-2015-0976 warning
- CVE-2015-0995 critical
- CVE-2015-0994 warning
- CVE-2015-0993 high
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!