Test ID: | 1.3.6.1.4.1.25623.1.0.805472 |
Category: | Web application abuses |
Title: | Inductive Automation Ignition < 7.7.4 Multiple Vulnerabilities |
Summary: | Inductive Automation Ignition is prone to multiple vulnerabilities. |
Description: |
Summary: Inductive Automation Ignition is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple errors exist due to:
- The MD5 Message-Digest Algorithm does not provide enough collision resistance when hashing keys.
- A flaw in Inductive Automation Ignition that is triggered when resetting the session ID parameter via an HTTP request.
- A flaw in the web interface that is due to a missing session termination once a user logs out.
- A flaw in the application that is due to the program storing OPC server credentials in plaintext.
- A flaw in the application that is triggered when an unhandled exception occurs, which can cause an error or warning message.
- The application does not validate input before returning it to users.

Vulnerability Impact: Successful exploitation will allow remote attackers to gain access to potentially sensitive information, hijack an active session, bypass the anti-bruteforce mechanism, create malicious applications or conduct other spoofing attacks, and create a specially crafted request that would execute arbitrary script code in a user's browser session.

Affected Software/OS: Inductive Automation Ignition version 7.7.2

Solution: Upgrade to Inductive Automation Ignition version 7.7.4 or later.

CVSS Score: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N |
Cross-Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-0995
https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01
Common Vulnerability Exposure (CVE) ID: CVE-2015-0994
Common Vulnerability Exposure (CVE) ID: CVE-2015-0993
Common Vulnerability Exposure (CVE) ID: CVE-2015-0992
Common Vulnerability Exposure (CVE) ID: CVE-2015-0991
Common Vulnerability Exposure (CVE) ID: CVE-2015-0976 |
Copyright | Copyright (C) 2015 Greenbone AG |