Inductive Automation Ignition Software Unauthenticated API Endpoint Vulnerability Allowing Password Recovery Email Address Change

Vulnerability

Inductive Automation Ignition Software versions prior to 8.3.0 expose an API endpoint that does not require authentication. A remote attacker could use this endpoint to change the 'forgot password' recovery email address.

Impact

Exploitation of this vulnerability could allow an attacker to change the password recovery email address, potentially leading to unauthorized access.

Added: Mar 12, 2026, 7:33 PM
Updated: Mar 12, 2026, 7:33 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 10.0
exploitability: 6.4
remediation: 0.0
relevance: 4.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.