Ignition
CVE-2015-0992
LOW
Severity by source
AV:L/AC:L/Au:N/C:P/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:L/Au:N/C:P/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors.
AnalysisAI
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. Affected products include: Inductiveautomation Ignition.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitra
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Rated critical severity (C
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0,
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Rated high severity (CVSS
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML securit
This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ig
The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a "fix variable names" feature that can l
The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. Rated critical sever
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code. Rated hi
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation I
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation I
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today