The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
Recent assessments:
cdelafuente-r7 at June 26, 2020 11:13am UTC reported:
This vulnerability affects Ignition 7 (prior to v7.9.14) and 8 (prior to v8.0.10), an Integrated Software Platform for SCADA systems to do cross-platform web-based deployment. These versions contain multiple vulnerabilities that, when chained together, can lead to preauth remote code execution with SYSTEM user privileges (advisory).
CVE-2020-12004 is one of these vulnerabilities (see also CVE-2020-10644) and is related to an access control issue that enables an attacker to retrieve sensitive information. The com.inductiveautomation.ignition.gateway.servlets.gateway.functions.ProjectDownload
Java class provides several actions that do not require authentication. Particularly one of them, getDiffs()
, can be used to access all the project data.
This is a medium risk issue when taken alone. However, as explained above, it can be critical when chained with other vulnerabilities.
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 3