Main Vulnerability Database Vulnerabilities #VU40849

#VU40849 Information disclosure in Ignition - CVE-2015-0991

Published: April 3, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40849

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-0991

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Ignition

Software vendor:
facade.company

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information.

Remediation

Install update from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01