PT-2015-5011 · Inductive Automation · Inductive Automation Ignition

Published

2015-04-03

Updated

2015-04-03

CVE-2015-0993

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Inductive Automation Ignition version 7.7.2

Description The issue allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, as the session is not terminated upon a logout action.

Recommendations For Inductive Automation Ignition version 7.7.2, consider implementing a custom session termination mechanism to ensure that sessions are properly closed after a logout action, or restrict access to workstations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

CVE-2015-0993

Affected Products

Inductive Automation Ignition

PT-2015-5011 · Inductive Automation · Inductive Automation Ignition

CVE-2015-0993

Weakness Enumeration

Related Identifiers

Affected Products

References · 2