4.2.2 DESERIALIZATION OF UNTRUSTED DATA CWE-502 A CVSS v3 base score of 5.3 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). The affected product lacks proper authentication required to query the server.ĬVE-2020-12004 has been assigned to this vulnerability. Inductive Automation Ignition 8 Gateway versions prior to 8.0.10Ĥ.2 VULNERABILITY OVERVIEW 4.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306.Inductive Automation Ignition 7 Gateway versions prior to 7.9.14.The following versions of Inductive Automation Ignition are affected: Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information and perform remote code execution with SYSTEM privileges. This updated advisory is a follow-up to the original advisory titled ICSA-20-147-01 Inductive Automation Ignition (Update A) that was published June 2, 2020, on the ICS webpage on. Vulnerabilities: Missing Authentication for Critical Function, Deserialization of Untrusted Data.ATTENTION: Exploitable remotely/low skill level to exploit.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |