CVE-2022-1264

Summary

The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.

Affected Software

VendorProductVersion RangeStatus
Inductive AutomationIgnitionAll 8.1 versions 8.1.10affected
Inductive AutomationIgnition8.0.4 < All 8.0 versions*affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References