漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Inductive Automation Ignition 安全漏洞
Vulnerability Description
Inductive Automation Ignition是美国Inductive Automation公司的一套用于SCADA系统的集成软件平台。该平台支持SCADA(数据采集与监控系统)、HMI(人机界面)等。 Inductive Automation Ignition 7.9.20之前版本和8.1.17之前的8.x版本存在安全漏洞,该漏洞源于设计器和视觉客户端会话ID处理不当。攻击者可以确定哪些会话ID是在过去产生的,然后通过Randy劫持分配给这些ID的会话。
CVSS Information
N/A
Vulnerability Type
N/A