Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for ignition_gateway by inductiveautomation

    CVE-2020-14520 (GCVE-0-2020-14520)

    Vulnerability from nvd – Published: 2020-07-31 12:30 – Updated: 2024-08-04 12:46
    VLAI
    Summary
    The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13).
    Severity
    No CVSS data available.
    CWE
    • CWE-862 - MISSING AUTHORIZATION CWE-862
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Ignition 8 Affected: All versions prior to 8.0.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:46:34.838Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ignition 8",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 8.0.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "MISSING AUTHORIZATION CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-31T12:30:53.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-14520",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ignition 8",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 8.0.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "MISSING AUTHORIZATION CWE-862"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-14520",
        "datePublished": "2020-07-31T12:30:53.000Z",
        "dateReserved": "2020-06-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:46:34.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12004 (GCVE-0-2020-12004)

    Vulnerability from nvd – Published: 2020-06-09 17:16 – Updated: 2024-08-04 11:48
    VLAI
    Summary
    The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
    Severity
    No CVSS data available.
    CWE
    • CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Ignition 8 Gateway Affected: versions prior to 7.9.14 and 8.0.10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:48:57.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ignition 8 Gateway",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 7.9.14 and 8.0.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-25T22:06:14.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-12004",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ignition 8 Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 7.9.14 and 8.0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
                },
                {
                  "name": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-12004",
        "datePublished": "2020-06-09T17:16:04.000Z",
        "dateReserved": "2020-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:48:57.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12000 (GCVE-0-2020-12000)

    Vulnerability from nvd – Published: 2020-06-09 17:54 – Updated: 2024-08-04 11:48
    VLAI
    Summary
    The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
    Severity
    No CVSS data available.
    CWE
    • CWE-502 - DESERIALIZATION OF UNTRUSTED DATA CWE-502
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Ignition 8 Gateway Affected: versions prior to 7.9.14 and 8.0.10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:48:57.852Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ignition 8 Gateway",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 7.9.14 and 8.0.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "DESERIALIZATION OF UNTRUSTED DATA CWE-502",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-18T17:54:51.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-12000",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ignition 8 Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 7.9.14 and 8.0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-12000",
        "datePublished": "2020-06-09T17:54:03.000Z",
        "dateReserved": "2020-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:48:57.852Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10644 (GCVE-0-2020-10644)

    Vulnerability from nvd – Published: 2020-06-09 17:50 – Updated: 2024-08-04 11:06
    VLAI
    Summary
    The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
    Severity
    No CVSS data available.
    CWE
    • CWE-502 - DESERIALIZATION OF UNTRUSTED DATA CWE-502
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Ignition 8 Gateway Affected: versions prior to 7.9.14 and 8.0.10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:06:10.582Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ignition 8 Gateway",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 7.9.14 and 8.0.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "DESERIALIZATION OF UNTRUSTED DATA CWE-502",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-25T22:06:15.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-10644",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ignition 8 Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 7.9.14 and 8.0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
                },
                {
                  "name": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-10644",
        "datePublished": "2020-06-09T17:50:58.000Z",
        "dateReserved": "2020-03-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:06:10.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10641 (GCVE-0-2020-10641)

    Vulnerability from nvd – Published: 2020-04-28 18:22 – Updated: 2024-08-04 11:06
    VLAI
    Summary
    An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - IMPROPER ACCESS CONTROLS CWE-284
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Ignition 8 Gateway Affected: versions prior to 8.0.10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:06:10.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ignition 8 Gateway",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 8.0.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "IMPROPER ACCESS CONTROLS CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-28T18:22:57.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-10641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ignition 8 Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 8.0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER ACCESS CONTROLS CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-10641",
        "datePublished": "2020-04-28T18:22:57.000Z",
        "dateReserved": "2020-03-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:06:10.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14520 (GCVE-0-2020-14520)

    Vulnerability from cvelistv5 – Published: 2020-07-31 12:30 – Updated: 2024-08-04 12:46
    VLAI
    Summary
    The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13).
    Severity
    No CVSS data available.
    CWE
    • CWE-862 - MISSING AUTHORIZATION CWE-862
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Ignition 8 Affected: All versions prior to 8.0.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:46:34.838Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ignition 8",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 8.0.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "MISSING AUTHORIZATION CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-31T12:30:53.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-14520",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ignition 8",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 8.0.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "MISSING AUTHORIZATION CWE-862"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-14520",
        "datePublished": "2020-07-31T12:30:53.000Z",
        "dateReserved": "2020-06-19T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:46:34.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12000 (GCVE-0-2020-12000)

    Vulnerability from cvelistv5 – Published: 2020-06-09 17:54 – Updated: 2024-08-04 11:48
    VLAI
    Summary
    The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
    Severity
    No CVSS data available.
    CWE
    • CWE-502 - DESERIALIZATION OF UNTRUSTED DATA CWE-502
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Ignition 8 Gateway Affected: versions prior to 7.9.14 and 8.0.10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:48:57.852Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ignition 8 Gateway",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 7.9.14 and 8.0.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "DESERIALIZATION OF UNTRUSTED DATA CWE-502",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-18T17:54:51.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-12000",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ignition 8 Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 7.9.14 and 8.0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-12000",
        "datePublished": "2020-06-09T17:54:03.000Z",
        "dateReserved": "2020-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:48:57.852Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10644 (GCVE-0-2020-10644)

    Vulnerability from cvelistv5 – Published: 2020-06-09 17:50 – Updated: 2024-08-04 11:06
    VLAI
    Summary
    The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
    Severity
    No CVSS data available.
    CWE
    • CWE-502 - DESERIALIZATION OF UNTRUSTED DATA CWE-502
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Ignition 8 Gateway Affected: versions prior to 7.9.14 and 8.0.10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:06:10.582Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ignition 8 Gateway",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 7.9.14 and 8.0.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "DESERIALIZATION OF UNTRUSTED DATA CWE-502",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-25T22:06:15.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-10644",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ignition 8 Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 7.9.14 and 8.0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
                },
                {
                  "name": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-10644",
        "datePublished": "2020-06-09T17:50:58.000Z",
        "dateReserved": "2020-03-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:06:10.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12004 (GCVE-0-2020-12004)

    Vulnerability from cvelistv5 – Published: 2020-06-09 17:16 – Updated: 2024-08-04 11:48
    VLAI
    Summary
    The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
    Severity
    No CVSS data available.
    CWE
    • CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Ignition 8 Gateway Affected: versions prior to 7.9.14 and 8.0.10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:48:57.637Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ignition 8 Gateway",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 7.9.14 and 8.0.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-25T22:06:14.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-12004",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ignition 8 Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 7.9.14 and 8.0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
                },
                {
                  "name": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-12004",
        "datePublished": "2020-06-09T17:16:04.000Z",
        "dateReserved": "2020-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:48:57.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10641 (GCVE-0-2020-10641)

    Vulnerability from cvelistv5 – Published: 2020-04-28 18:22 – Updated: 2024-08-04 11:06
    VLAI
    Summary
    An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - IMPROPER ACCESS CONTROLS CWE-284
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Ignition 8 Gateway Affected: versions prior to 8.0.10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:06:10.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ignition 8 Gateway",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions prior to 8.0.10"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "IMPROPER ACCESS CONTROLS CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-28T18:22:57.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2020-10641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ignition 8 Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions prior to 8.0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER ACCESS CONTROLS CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-10641",
        "datePublished": "2020-04-28T18:22:57.000Z",
        "dateReserved": "2020-03-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:06:10.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }