Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vision Client Session IDs are mishandled. An attacker can determine which session IDs were generated in the past and then hijack sessions assigned to these IDs via Randy.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Inductive Automation Ignition 安全漏洞
Vulnerability Description
Inductive Automation Ignition是美国Inductive Automation公司的一套用于SCADA系统的集成软件平台。该平台支持SCADA(数据采集与监控系统)、HMI(人机界面)等。 Inductive Automation Ignition 7.9.20之前版本和8.1.17之前的8.x版本存在安全漏洞,该漏洞源于设计器和视觉客户端会话ID处理不当。攻击者可以确定哪些会话ID是在过去产生的,然后通过Randy劫持分配给这些ID的会话。
CVSS Information
N/A
Vulnerability Type
N/A