virus logo Intrusion Prevention

Inductive.Automation.CVE-2022-35871.Authentication.Bypass

description-logoDescription

This indicates an attack attempt against an Authentication Bypass vulnerability in Inductive Automation Ignition.
The vulnerability is caused by insufficient authentication in the "authenticateAdSso" method. A remote attacker may be able to exploit this to bypass authentication and further lead to the execution of arbitrary code.

affected-products-logoAffected Products

Inductive Automation Ignition 8.1.15

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://inductiveautomation.com/downloads/releasenotes/8.0.8

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 52024
Created Aug 23, 2022
Updated May 23, 2024
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Exploit Prediction Score 25.2%
Default Action pass
Active
Affected OS Windows, Linux, MacOS
Affected App SCADA
Profile Type Improper Authentication