Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability
CVE-2023-38123
What is CVE-2023-38123?
The Ignition OPC UA Quick Client by Inductive Automation has a vulnerability that enables attackers to bypass authentication measures under certain conditions. This security issue stems from an insufficient authentication mechanism present in the server configuration, particularly affecting the password change functionality. Successful exploitation requires a target to visit a malicious web page or to open a malicious file, allowing an attacker to gain unauthorized access to critical functionalities of the system easily. Addressing this flaw is essential for maintaining the integrity and security of installations running the affected software.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Ignition 8.1.24
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved