CVE-2022-1704

Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup.

Published: Aug 5, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-1704
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
inductiveautomation / ignition	7.9.0	7.9.21
inductiveautomation / ignition	8.1.0	8.1.8

https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-01

Vulnerability Database

289,689

CVE-2022-1704