Inductiveautomation Ignition
7 CVEs affecting Inductiveautomation Ignition. Latest disclosed: 2026-03-12. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-13913 | Medium | 6.3 | 2026-03-12 | A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code. |
CVE-2015-0995 | | 2015-04-03 | Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. | |
CVE-2015-0994 | | 2015-04-03 | Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a se… | |
CVE-2015-0993 | | 2015-04-03 | Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by… | |
CVE-2015-0992 | | 2015-04-03 | Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. | |
CVE-2015-0991 | | 2015-04-03 | Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demons… | |
CVE-2015-0976 | | 2015-04-03 | Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified… |