inductiveautomation 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は パス処理の欠陥、vendor risk cross-site scripting, and vendor risk xxe に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で ファイル上書き and vendor impact session compromise などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-13913 | A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code. | [email protected] | 5.4 | 0.03% | 2026-03-12 | 2026-06-05 |
| CVE-2023-50233 | Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the getJavaExecutable method. The issue results from the lack of proper validation of a user-supplied path prior to usi | [email protected] | 8.8 | 3.65% | 2024-05-03 | 2025-03-12 |
| CVE-2023-50232 | Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the getParams method. The issue results from the lack of proper validation of a user-supplied string before using it to prepare | [email protected] | 8.8 | 2.19% | 2024-05-03 | 2025-03-12 |
| CVE-2023-50223 | Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExtendedDocumentCodec class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted | [email protected] | 8.8 | 53.43% | 2024-05-03 | 2025-03-12 |
| CVE-2023-50222 | Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the ResponseParser method. The issue results from the lack of proper validation of user-supplie | [email protected] | 8.8 | 3.20% | 2024-05-03 | 2025-03-12 |
| CVE-2023-50221 | Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the ResponseParser method. The issue results from the lack of proper validation of user-s | [email protected] | 8.8 | 3.10% | 2024-05-03 | 2025-03-12 |
| CVE-2023-50220 | Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Base64Element class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attack | [email protected] | 8.8 | 7.08% | 2024-05-03 | 2025-03-12 |
| CVE-2023-50219 | Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the RunQuery class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can lev | [email protected] | 8.8 | 8.91% | 2024-05-03 | 2025-03-12 |
| CVE-2023-50218 | Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the ModuleInvoke class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker | [email protected] | 8.8 | 48.96% | 2024-05-03 | 2025-03-12 |
| CVE-2023-39477 | Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacke | [email protected] | 7.5 | 0.34% | 2024-05-03 | 2025-03-12 |
| CVE-2023-39476 | Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JavaSerializationCodec class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of unt | [email protected] | 9.8 | 2.15% | 2024-05-03 | 2025-03-12 |
| CVE-2023-39475 | Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ParameterVersionJavaSerializationCodec class. The issue results from the lack of proper validation of user-supplied data, which can | [email protected] | 9.8 | 2.93% | 2024-05-03 | 2025-03-13 |
| CVE-2023-39474 | Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the downloadLaunchClientJar function. The issue results from the lack of validating a remote JAR file prior to loading it. An attacke | [email protected] | 8.8 | 1.05% | 2024-05-03 | 2025-03-13 |
| CVE-2023-39473 | Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the AbstractGatewayFunction class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untru | [email protected] | 8.8 | 29.90% | 2024-05-03 | 2025-03-13 |
| CVE-2023-39472 | Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the SimpleXMLReader class. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser | [email protected] | 6.5 | 0.53% | 2024-05-03 | 2025-03-13 |
| CVE-2023-38124 | Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Ignition Gateway server. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code | [email protected] | 8.8 | 53.76% | 2024-05-03 | 2025-03-13 |
| CVE-2023-38123 | Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the server configuration. The issue results from the lack of authentication | [email protected] | 8.8 | 0.30% | 2024-05-03 | 2025-03-13 |
| CVE-2023-38122 | Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Securi | [email protected] | 7.2 | 0.56% | 2024-05-03 | 2025-03-12 |
| CVE-2023-38121 | Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the id parameter provided to the Inductive Automation Ignition web interface. The | [email protected] | 9.0 | 1.73% | 2024-05-03 | 2025-03-12 |
| CVE-2022-1704 | Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup. | [email protected] | 7.6 | 0.26% | 2022-08-05 | 2024-11-21 |