Authentication Bypass Vulnerability in Inductive Automation Ignition
CVE-2022-35869

7.5HIGH

Key Information:

Vendor: Inductive Automation
Status: Ignition
Vendor: CVE Published:; 25 July 2022

🔔 Create Inductive Automation Vulnerability Alert

What is CVE-2022-35869?

A vulnerability has been identified in Inductive Automation Ignition that enables remote attackers to bypass authentication without needing valid credentials. This issue stems from inadequate authentication checks, particularly within the com.inductiveautomation.ignition.gateway.web.pages module. By exploiting this flaw, an attacker can gain unauthorized access to system functionalities, raising significant security concerns. For more information, refer to the advisories linked in the Zero Day Initiative and Inductive Automation support documentation.

Affected Version(s)

Ignition 8.1.15 (b2022030114)

References

https://www.zerodayinitiative.com/advisories/ZDI-22-1016/

x_refsource_MISC

https://support.inductiveautomation.com/hc/en-us/articles...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2022
Vulnerability Reserved
Jul 14, 2022

Credit

@_s_n_t of @pentestltd

JSON