Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SCADA_INDUCTIVE_AUTOMATION_IGNITION_8_0_10.NBIN
HistoryJun 11, 2020 - 12:00 a.m.

Inductive Automation Ignition 8.x < 8.0.10 Multiple Vulnerabilities

2020-06-1100:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
33
JSON

The version of Inductive Automation Ignition running on the remote host is affected by multiple vulnerabilities :

  • A denial of service (DoS) vulnerability exists due to an unprotected logging route when the Perspective Module is running. An unauthenticated, remote attacker can exploit this, via a series of specially crafted messages, to write endless log statements into the database without space limits, which can results in consuming the entire available hard-disk space.
    (CVE-2020-10641)

  • A deserialization vulnerability exists due to the lack of proper validation of user-supplied data. An unauthenticated, remote attacker can exploit this to execute arbitrary code in the context of SYSTEM. (CVE-2020-10644, CVE-2020-12000)

  • An information disclosure vulnerability exists in the getDiffs method of the com.inductiveautomation.ignition.gateway.servlets. gateway.functions.ProjectDownload class due to the lack of proper authentication required to query the server. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information. (CVE-2020-12004)

Binary data scada_inductive_automation_ignition_8_0_10.nbin
VendorProductVersionCPE
inductiveautomationignitioncpe:/a:inductiveautomation:ignition

Related

ics 2
zdt 1
packetstorm 1
checkpoint_advisories 2
attackerkb 2
0daydb 1
prion 4
cve 4
zdi 3
cvelist 4
ics
ics
Inductive Automation Ignition (Update B)
2020-07-14 12:00:00
Inductive Automation Ignition
2020-04-21 12:00:00
zdt
zdt
Inductive Automation Ignition Remote Code Execution Exploit
2020-06-26 00:00:00
packetstorm
packetstorm
Inductive Automation Ignition Remote Code Execution
2020-06-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Inductive Automation Ignition Insecure Deserialization (CVE-2020-12004; CVE-2020-10644)
2020-11-21 00:00:00
Web Servers Memory Corruption Attempt (CVE-2020-12000; CVE-2020-13934; CVE-2020-3239; CVE-2020-9490)
2020-12-28 00:00:00
attackerkb
attackerkb
CVE-2020-10644
2020-06-09 00:00:00
CVE-2020-12004
2020-06-09 00:00:00
0daydb
0daydb
Inductive Automation Ignition - Remote Code Execution
2020-06-28 01:09:34
prion
prion
Deserialization of untrusted data
2020-06-09 18:15:00
Information disclosure
2020-06-09 18:15:00
Race condition
2020-04-28 19:15:00
cve
cve
CVE-2020-12000
2020-06-09 18:15:00
CVE-2020-10641
2020-04-28 19:15:00
CVE-2020-12004
2020-06-09 18:15:00
zdi
zdi
(Pwn2Own) Inductive Automation Ignition ServerMessageHeader Deserialization Of Untrusted Data Remote Code Execution Vulnerability
2020-06-01 00:00:00
(Pwn2Own) Inductive Automation Ignition getDiffs Missing Authentication for Critical Function Information Disclosure Vulnerability
2020-06-01 00:00:00
(Pwn2Own) Inductive Automation Ignition getDiffs Deserialization Of Untrusted Data Remote Code Execution Vulnerability
2020-06-01 00:00:00
cvelist
cvelist
CVE-2020-12000
2020-06-09 17:54:03
CVE-2020-12004
2020-06-09 17:16:04
CVE-2020-10644
2020-06-09 17:50:58
JSON
Related for SCADA_INDUCTIVE_AUTOMATION_IGNITION_8_0_10.NBIN
ics2zdt1packetstorm1checkpoint_advisories2attackerkb20daydb1prion4cve4zdi3cvelist4