An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.
References
Link | Resource |
---|---|
https://github.com/sourceincite/randy | Exploit Third Party Advisory |
https://srcincite.io/advisories/src-2022-0014/ | Third Party Advisory |
https://support.inductiveautomation.com/hc/en-us/articles/7625759776653 | Vendor Advisory |
History
22 Jul 2022, 22:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:inductiveautomation:ignition:*:*:*:*:*:*:*:* | |
First Time | Inductiveautomation ignition; Inductiveautomation | |
CWE | CWE-863 | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 7.2 |
References | (MISC) https://github.com/sourceincite/randy - Exploit, Third Party Advisory | |
References | (MISC) https://srcincite.io/advisories/src-2022-0014/ - Third Party Advisory | |
References | (MISC) https://support.inductiveautomation.com/hc/en-us/articles/7625759776653 - Vendor Advisory |
16 Jul 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-16 19:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-36126
Mitre link : CVE-2022-36126
CVE.ORG link : CVE-2022-36126
Products Affected
inductiveautomation
- ignition
CWE
CWE-863
Incorrect Authorization