Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-12004

EPSS 20.36% · P96
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-12004

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Inductive Automation Ignition 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Inductive Automation Ignition是美国Inductive Automation公司的一套用于SCADA系统的集成软件平台。该平台支持SCADA(数据采集与监控系统)、HMI(人机界面)等。 Inductive Automation Ignition 8.0.10之前版本和7.9.14之前版本中存在访问控制错误漏洞。该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Ignition 8 Gateway versions prior to 7.9.14 and 8.0.10 -

II. Public POCs for CVE-2020-12004

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-12004

登录查看更多情报信息。

Same Patch Batch · n/a · 2020-06-09 · 19 CVEs total

CVE-2020-13160AnyDesk 格式化字符串错误漏洞
CVE-2020-13996Joomla! J2Store plugin SQL注入漏洞
CVE-2020-7456FreeBSD 缓冲区错误漏洞
CVE-2020-13872Royal TS 安全漏洞
CVE-2020-11957Cypress Semiconductor PSoC Creator BLE 安全特征问题漏洞
CVE-2020-13911Your Online Shop 跨站脚本漏洞
CVE-2020-12000Inductive Automation Ignition 代码问题漏洞
CVE-2020-10644Inductive Automation Ignition 代码问题漏洞
CVE-2020-13892WordPress SportsPress 跨站脚本漏洞
CVE-2020-13965Roundcube Webmail 跨站脚本漏洞
CVE-2020-13980OpenCart 跨站脚本漏洞
CVE-2020-13976DD-WRT 安全漏洞
CVE-2020-13977Nagios 注入漏洞
CVE-2020-13978Monstra CMS 操作系统命令注入漏洞
CVE-2020-10757Linux kernel 缓冲区错误漏洞
CVE-2020-13974Linux kernel 输入验证错误漏洞
CVE-2020-13973OWASP json-sanitizer 跨站脚本漏洞
CVE-2020-13964Roundcube Webmail 跨站脚本漏洞

IV. Related Vulnerabilities

Same product: Ignition 8 Gateway
Same vendor: n/a
Same weakness: CWE-306

V. Comments for CVE-2020-12004

No comments yet

Leave a comment