Vulnerability Details CVE-2022-36126
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.039
EPSS Ranking 87.7%
CVSS Severity
CVSS v3 Score 7.2
References
- https://github.com/sourceincite/randy
- https://srcincite.io/advisories/src-2022-0014/
- https://support.inductiveautomation.com/hc/en-us/articles/7625759776653
- https://github.com/sourceincite/randy
- https://srcincite.io/advisories/src-2022-0014/
- https://support.inductiveautomation.com/hc/en-us/articles/7625759776653
Products affected by CVE-2022-36126
-
cpe:2.3:a:inductiveautomation:ignition:7.5.0
-
cpe:2.3:a:inductiveautomation:ignition:7.5.1
-
cpe:2.3:a:inductiveautomation:ignition:7.5.10
-
cpe:2.3:a:inductiveautomation:ignition:7.5.11
-
cpe:2.3:a:inductiveautomation:ignition:7.5.12
-
cpe:2.3:a:inductiveautomation:ignition:7.5.13
-
cpe:2.3:a:inductiveautomation:ignition:7.5.14
-
cpe:2.3:a:inductiveautomation:ignition:7.5.2
-
cpe:2.3:a:inductiveautomation:ignition:7.5.3
-
cpe:2.3:a:inductiveautomation:ignition:7.5.4
-
cpe:2.3:a:inductiveautomation:ignition:7.5.5
-
cpe:2.3:a:inductiveautomation:ignition:7.5.6
-
cpe:2.3:a:inductiveautomation:ignition:7.5.7
-
cpe:2.3:a:inductiveautomation:ignition:7.5.8
-
cpe:2.3:a:inductiveautomation:ignition:7.5.9
-
cpe:2.3:a:inductiveautomation:ignition:7.6.0
-
cpe:2.3:a:inductiveautomation:ignition:7.6.1
-
cpe:2.3:a:inductiveautomation:ignition:7.6.2
-
cpe:2.3:a:inductiveautomation:ignition:7.6.3
-
cpe:2.3:a:inductiveautomation:ignition:7.6.4
-
cpe:2.3:a:inductiveautomation:ignition:7.6.5
-
cpe:2.3:a:inductiveautomation:ignition:7.6.6
-
cpe:2.3:a:inductiveautomation:ignition:7.6.7
-
cpe:2.3:a:inductiveautomation:ignition:7.7.0
-
cpe:2.3:a:inductiveautomation:ignition:7.7.1
-
cpe:2.3:a:inductiveautomation:ignition:7.7.2
-
cpe:2.3:a:inductiveautomation:ignition:7.7.3
-
cpe:2.3:a:inductiveautomation:ignition:7.7.4
-
cpe:2.3:a:inductiveautomation:ignition:7.7.5
-
cpe:2.3:a:inductiveautomation:ignition:7.7.6
-
cpe:2.3:a:inductiveautomation:ignition:7.7.7
-
cpe:2.3:a:inductiveautomation:ignition:7.7.8
-
cpe:2.3:a:inductiveautomation:ignition:7.8.0
-
cpe:2.3:a:inductiveautomation:ignition:7.8.1
-
cpe:2.3:a:inductiveautomation:ignition:7.8.2
-
cpe:2.3:a:inductiveautomation:ignition:7.8.3
-
cpe:2.3:a:inductiveautomation:ignition:7.8.4
-
cpe:2.3:a:inductiveautomation:ignition:7.8.5
-
cpe:2.3:a:inductiveautomation:ignition:7.9.0
-
cpe:2.3:a:inductiveautomation:ignition:7.9.1
-
cpe:2.3:a:inductiveautomation:ignition:7.9.10
-
cpe:2.3:a:inductiveautomation:ignition:7.9.11
-
cpe:2.3:a:inductiveautomation:ignition:7.9.12
-
cpe:2.3:a:inductiveautomation:ignition:7.9.13
-
cpe:2.3:a:inductiveautomation:ignition:7.9.14
-
cpe:2.3:a:inductiveautomation:ignition:7.9.15
-
cpe:2.3:a:inductiveautomation:ignition:7.9.16
-
cpe:2.3:a:inductiveautomation:ignition:7.9.17
-
cpe:2.3:a:inductiveautomation:ignition:7.9.18
-
cpe:2.3:a:inductiveautomation:ignition:7.9.19
-
cpe:2.3:a:inductiveautomation:ignition:7.9.2
-
cpe:2.3:a:inductiveautomation:ignition:7.9.3
-
cpe:2.3:a:inductiveautomation:ignition:7.9.4
-
cpe:2.3:a:inductiveautomation:ignition:7.9.5
-
cpe:2.3:a:inductiveautomation:ignition:7.9.6
-
cpe:2.3:a:inductiveautomation:ignition:7.9.7
-
cpe:2.3:a:inductiveautomation:ignition:7.9.8
-
cpe:2.3:a:inductiveautomation:ignition:7.9.9
-
cpe:2.3:a:inductiveautomation:ignition:8.0.1
-
cpe:2.3:a:inductiveautomation:ignition:8.0.10
-
cpe:2.3:a:inductiveautomation:ignition:8.0.11
-
cpe:2.3:a:inductiveautomation:ignition:8.0.12
-
cpe:2.3:a:inductiveautomation:ignition:8.0.13
-
cpe:2.3:a:inductiveautomation:ignition:8.0.14
-
cpe:2.3:a:inductiveautomation:ignition:8.0.15
-
cpe:2.3:a:inductiveautomation:ignition:8.0.16
-
cpe:2.3:a:inductiveautomation:ignition:8.0.17
-
cpe:2.3:a:inductiveautomation:ignition:8.0.2
-
cpe:2.3:a:inductiveautomation:ignition:8.0.3
-
cpe:2.3:a:inductiveautomation:ignition:8.0.4
-
cpe:2.3:a:inductiveautomation:ignition:8.0.5
-
cpe:2.3:a:inductiveautomation:ignition:8.0.6
-
cpe:2.3:a:inductiveautomation:ignition:8.0.7
-
cpe:2.3:a:inductiveautomation:ignition:8.0.8
-
cpe:2.3:a:inductiveautomation:ignition:8.0.9
-
cpe:2.3:a:inductiveautomation:ignition:8.1.0
-
cpe:2.3:a:inductiveautomation:ignition:8.1.1
-
cpe:2.3:a:inductiveautomation:ignition:8.1.10
-
cpe:2.3:a:inductiveautomation:ignition:8.1.11
-
cpe:2.3:a:inductiveautomation:ignition:8.1.12
-
cpe:2.3:a:inductiveautomation:ignition:8.1.13
-
cpe:2.3:a:inductiveautomation:ignition:8.1.14
-
cpe:2.3:a:inductiveautomation:ignition:8.1.15
-
cpe:2.3:a:inductiveautomation:ignition:8.1.16
-
cpe:2.3:a:inductiveautomation:ignition:8.1.2
-
cpe:2.3:a:inductiveautomation:ignition:8.1.3
-
cpe:2.3:a:inductiveautomation:ignition:8.1.4
-
cpe:2.3:a:inductiveautomation:ignition:8.1.5
-
cpe:2.3:a:inductiveautomation:ignition:8.1.6
-
cpe:2.3:a:inductiveautomation:ignition:8.1.7
-
cpe:2.3:a:inductiveautomation:ignition:8.1.8
-
cpe:2.3:a:inductiveautomation:ignition:8.1.9