0day vulnerabilities in Inductive Automation Ignition

Do you know about this?

The critical vulnerabilities are described below:

  • The vulnerability has been detected in the JavaSerializationCodec class, due to the lack of proper validation of user-supplied data, which could result in the deserialization of untrusted data. An attacker could execute code in the context of SYSTEM. The identifier CVE-2023-39476 has been assigned for this vulnerability.
  • The flaw is in the ParameterVersionJavaSerializationCodec class, originating from the lack of correct validation of user-supplied data, which could result in the deserialization of untrusted data. An attacker could exploit this vulnerability to execute code in the context of SYSTEM. The identifier CVE-2023-39475 has been assigned for this vulnerability.

The other high severity vulnerabilities have been assigned the identifiers CVE-2023-39473, CVE-2023-39474 and CVE-2023-39477.
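For readers unfamiliar with the bug class both bullets describe (Java deserialization of untrusted data without validation), here is an added example, not part of the original post and not Ignition or vendor code, of the kind of validation whose absence the advisory points to: a JDK `ObjectInputFilter` allowlist applied before `readObject()`. The class name `FilteredDecode`, its helpers and the allowlist contents are assumptions chosen for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.HashMap;

// Added illustration: hypothetical class, not code from Ignition or its advisory.
public class FilteredDecode {

    // Allowlist in JDK serial-filter pattern syntax. Only the named classes may
    // be deserialized; the trailing "!*" rejects every other class, and the
    // limits bound graph depth, reference count and stream size.
    static final ObjectInputFilter ALLOW = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxrefs=50;maxbytes=4096;"
            + "java.lang.String;java.lang.Integer;java.lang.Number;!*");

    // Decode untrusted bytes. The filter is consulted for each class in the
    // stream before an instance of that class is created.
    static Object decode(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(ALLOW); // available since Java 9
            return in.readObject();
        }
    }

    // Helper used only to build the constructed sample inputs below.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input 1: a class on the allowlist is decoded normally.
        System.out.println("allowed: " + decode(serialize(Integer.valueOf(42))));
        try {
            // Constructed input 2: HashMap is not on the allowlist.
            decode(serialize(new HashMap<String, String>()));
            System.out.println("unexpected: HashMap was deserialized");
        } catch (InvalidClassException e) {
            // A filter rejection surfaces as InvalidClassException.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A filter like this narrows which classes a stream can instantiate; it does not replace applying the vendor's fix for the CVEs listed above.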

Hello Antonio,

A tech advisory regarding these vulnerabilities can be found at the following link.
