CVE-2020-12004
N/A
N/A
Summary
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Ignition 8 Gateway | versions prior to 7.9.14 and 8.0.10 | affected |
Weaknesses
- CWE-306: MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
ADP Enrichment
CVE Program Container
Additional References
- https://www.us-cert.gov/ics/advisories/icsa-20-147-01
- http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html
References
- https://www.us-cert.gov/ics/advisories/icsa-20-147-01
- http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.