How severe is CVE-2023-38122?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2023-38122?

This is classified as CWE-942, which is a common weakness in software security.

CVE-2023-38122 - HIGH Severity | CVSS 7.2

Vulnerability Description

Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-20539.

Related Vulnerabilities

CVE-2019-14860

HIGH

CVSS:7.4(High)

It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further acces...

CWE-9422019

CVE-2022-47717

HIGH

CVSS:7.5(High)

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).

CWE-9422022

CVE-2023-23464

HIGH

CVSS:7.5(High)

Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure.

CWE-9422023

CVE-2023-38125

HIGH

CVSS:7.5(High)

Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected insta...

CWE-9422023

CVE-2025-25234

HIGH

CVSS:7.5(High)

Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain ...

CWE-9422025

CVE-2022-34366

MEDIUM

CVSS:6.5(Medium)

Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtai...

CWE-9422022