Main Vulnerability Database Vulnerabilities #VU40849

Information disclosure in Ignition - CVE-2015-0991

Published: April 3, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40849

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-0991

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: facade.company

Affected software:
Ignition

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information.

How to mitigate CVE-2015-0991

Install update from vendor's website.

Sources

https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01

Information disclosure in Ignition - CVE-2015-0991

Detailed vulnerability description

How to mitigate CVE-2015-0991

Sources

Please verify you're human