ZDI-23-1013: (Pwn2Own) Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability | allinfosecnews.com

Aug. 1, 2023, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

arbitrary code attackers authentication automation client code code execution domain exploit ignition inductive automation opc opc ua policy pwn2own remote code remote code execution vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-439: Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability 1 day, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers bluetooth code +20

ZDI-24-438: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 1 day, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-437: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 1 day, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-436: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 1 day, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-435: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 1 day, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-434: Dassault Systèmes eDrawings Viewer SAT File Parsing Uninitialized Variable Remote Code Execution Vulnerability 1 day, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-433: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 1 day, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-432: Dassault Systèmes eDrawings Viewer JT File Parsing Memory Corruption Remote Code Execution Vulnerability 1 day, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +17

ZDI-24-431: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 1 day, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

Security Engineer II, Engineering

@ Trail of Bits | Worldwide - Remote

View on infosec-jobs.com

Technical Support Engineer - Network Security

@ Ivanti | Bengaluru, India (Bagmane)

View on infosec-jobs.com

Senior Security Analyst- Container Threat and Vulnerability Management

@ Oracle | Philippines

View on infosec-jobs.com

Cybersecurity Strategy & Operations Officer (m/f/d)

@ Nordex Group | Madrid, ES, 28001

View on infosec-jobs.com

Security Administrator

@ ManTech | 201DT - 2251 Corp Park Dr, Herndon, VA

View on infosec-jobs.com

Cybersecurity Specialist

@ GFT Technologies | Sant Cugat del Vallès, B, ES, 08174

View on infosec-jobs.com