CVE-2022-35890
N/A
N/A
Summary
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://support.inductiveautomation.com/hc/en-us/articles/7625759776653
- https://github.com/sourceincite/randy
References
- https://support.inductiveautomation.com/hc/en-us/articles/7625759776653
- https://github.com/sourceincite/randy
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.