How severe is CVE-2023-39474?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2023-39474?

This is classified as CWE-494, which is a common weakness in software security.

CVE-2023-39474 - HIGH Severity | CVSS 8

Vulnerability Description

Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the downloadLaunchClientJar function. The issue results from the lack of validating a remote JAR file prior to loading it. An attacker can leverage this vulnerability to execute code in the context of the current user. . Was ZDI-CAN-19915.

Related Vulnerabilities

CVE-2008-3324

HIGH

CVSS:8.1(High)

The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse upd...

CWE-4942008

CVE-2008-3438

HIGH

CVSS:8.1(High)

Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS ...

CWE-4942008

CVE-2016-6564

HIGH

CVSS:8.1(High)

Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binar...

CWE-4942016

CVE-2018-13012

HIGH

CVSS:8.1(High)

Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before...

CWE-4942018

CVE-2019-10240

HIGH

CVSS:8.1(High)

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by...

CWE-4942019

CVE-2019-10248

HIGH

CVSS:8.1(High)

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM...

CWE-4942019