PT-2022-23213 · Inductive Automation · Inductive Automation Ignition

Chris Anastasio (+3) · Published 2022-07-16 · Updated 2022-07-23 · CVE-2022-36126

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Inductive Automation Ignition versions 7.9.20 and earlier
Inductive Automation Ignition versions 8.1.17 and earlier

Description

An issue was discovered in Inductive Automation Ignition that allows remote attackers to execute arbitrary code by supplying a Python script using the ScriptInvoke function.

Recommendations

For Inductive Automation Ignition versions 7.9.20 and earlier, update to version 7.9.20 or later. For Inductive Automation Ignition versions 8.1.17 and earlier, update to version 8.1.17 or later. As a temporary workaround, consider disabling the ScriptInvoke function until a patch is available.

Exploit

Fix

Incorrect Authorization


Weakness Enumeration

Related Identifiers

CVE-2022-36126

Affected Products

Inductive Automation Ignition