Inductive Automation Ignition
CVE-2022-1704

7.6HIGH

Key Information:

Vendor: Inductive Automation
Status: Ignition
Vendor: CVE Published:; 5 August 2022

🔔 Create Inductive Automation Vulnerability Alert

What is CVE-2022-1704?

Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup.

Affected Version(s)

Ignition 8.1 <= 8.1.7

Ignition All < 7.9.21

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-01

x_refsource_MISC

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 5, 2022
Vulnerability Reserved
May 12, 2022

Credit

Keval Shah reported this vulnerability to CISA

JSON