CRITICAL🇬🇧 English

CVE-2022-35890

CVSS 9.8v3.1pub. 2022-07-15upd. 2024-11-21

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Inductiveautomation Ignition

    APP
    Inductiveautomation
    < 7.9.208.0.1 – 8.1.17 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-39476CRITICAL9.8PL ✓ten sam produkt

Inductive Automation Ignition — RCE przez deserialization w JavaSerializationCodec

CVE-2023-38121CRITICAL9.0PL ✓ten sam produkt

XSS do RCE w Inductive Automation Ignition OPC UA Quick Client

CVE-2023-39475CRITICAL9.8PL ✓ten sam produkt

RCE przez deserializację w Inductive Automation Ignition (ParameterVersionJavaSerializationCodec)

CVE-2022-35869CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Aut...

CVE-2023-38122HIGH7.2ten sam produkt

Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnera...