Vulnerability Description
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Inductive Automation | Ignition | < 7.9.20 |
Related Weaknesses (CWE)
References
- https://github.com/sourceincite/randyExploit (Third Party Advisory)
- https://srcincite.io/advisories/src-2022-0014/ (Third Party Advisory)
- https://support.inductiveautomation.com/hc/en-us/articles/7625759776653 (Vendor Advisory)
FAQ
What is CVE-2022-36126?
CVE-2022-36126 is a vulnerability with a CVSS score of 7.2 (HIGH). An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.
How severe is CVE-2022-36126?
CVE-2022-36126 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-36126?
Check the references section above for vendor advisories and patch information. Affected products include: Inductive Automation Ignition.