Описание
The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия от 7.2.4.48 (включая) до 7.9.14 (исключая)Версия от 8.0 (включая) до 8.0.10 (исключая)
Одно из
cpe:2.3:a:inductiveautomation:ignition_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:inductiveautomation:ignition_gateway:*:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00399
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-502
CWE-502
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10), allowing an attacker to obtain sensitive information.
EPSS
Процентиль: 60%
0.00399
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-502
CWE-502