ID
VAR-E-201503-0316
CVE
| cve_id: | CVE-2015-0976 | Trust: 0.3 |
TITLE
Inductive Automation Ignition CVE-2015-0976 Cross Site Scripting Vulnerability
Trust: 0.3
DESCRIPTION
Inductive Automation Ignition is prone to an unspecified cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Inductive Automation Ignition 7.7.2 is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | inductive | model: | automation ignition | scope: | eq | version: | 7.7.2 | Trust: 0.3 |
EXPLOIT
Successful exploits requires an attacker to gain local interactive access to a vulnerable computer.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai.
Trust: 0.3
EXTERNAL IDS
| db: | ICS CERT | id: | ICSA-15-090-01 | Trust: 0.3 |
| db: | NVD | id: | CVE-2015-0976 | Trust: 0.3 |
| db: | BID | id: | 73468 | Trust: 0.3 |
REFERENCES
| url: | https://ics-cert.us-cert.gov/advisories/icsa-15-090-01 | Trust: 0.3 |
| url: | http://www.inductiveautomation.com/scada-software | Trust: 0.3 |
SOURCES
| db: | BID | id: | 73468 |
LAST UPDATE DATE
2022-07-27T09:27:23.092000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 73468 | date: | 2015-03-31T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 73468 | date: | 2015-03-31T00:00:00 |