CVE-2022-1704

Summary

Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup.

Affected Software

VendorProductVersion RangeStatus
Inductive AutomationIgnition8.1 <= 8.1.7affected
Inductive AutomationIgnitionAll < 7.9.21affected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References