Inductiveautomation Ignition — known CVE vulnerabilities
Every CVE whose affected-product data names Inductiveautomation Ignition, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (35)
CVE-2023-39476 — CVSS 9.8 (critical): Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This…
CVE-2023-39475 — CVSS 9.8 (critical): Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability…
CVE-2022-35869 — CVSS 9.8 (critical): This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15…
CVE-2022-35890 — CVSS 9.8 (critical): An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are…
CVE-2023-50218 — CVSS 8.8 (high): Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows…
CVE-2023-50220 — CVSS 8.8 (high): Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability…
CVE-2022-35871 — CVSS 7.8 (high): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15…
CVE-2022-35870 — CVSS 7.8 (high): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15…
CVE-2022-35873 — CVSS 7.8 (high): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15…
CVE-2022-35872 — CVSS 7.8 (high): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15…
CVE-2022-1704 — CVSS 7.6 (high): Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may…
CVE-2022-36126 — CVSS 7.2 (high): An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote…
CVE-2022-1264 — CVSS 6.8 (medium): The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.
CVE-2023-39472 — CVSS 6.5 (medium): Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability…
CVE-2015-0993 — CVSS 6.4 (medium): Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended…
CVE-2025-13913 — CVSS 6.3 (medium): A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded…
CVE-2020-14479 — CVSS 5.3 (medium): Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication…
CVE-2015-0995 — CVSS 5.0 (medium): Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a…
CVE-2015-0991 — CVSS 5.0 (medium): Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled…
CVE-2015-0976 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or…
CVE-2015-0994 — CVSS 4.0 (medium): Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different…
CVE-2015-0992 — CVSS 2.1 (low): Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via…