CVE-2020-12004

CVE-2020-12004 affects Inductive Automation Ignition Gateway (Ignition 8.x before 8.0.10 and Ignition 7.x before 7.9.14). The issue is an authentication gap in the gateway’s project/data access endpoints (notably actions like getDiffs in the gateway administration), which allows an attacker to qu...

CVE-2020-10644

CVE-2020-10644 affects Inductive Automation Ignition Gateway; root cause is improper validation that allows deserialization of untrusted data. Affected: Ignition 8.x (prior to 8.0.10) and Ignition 7.x (prior to 7.9.14). Impact documented as sensitive information disclosure. Public references note...

CVE-2020-10641

The CVE-2020-10641 issue affects Ignition 8 Gateway (Perspective Module) prior to 8.0.10, where an unprotected logging route can write unlimited log statements to the database, consuming disk space and causing a denial-of-service. Root cause: improper access controls allowing unauthenticated, net...

CVE-2020-12000

CVE-2020-12000 affects Inductive Automation Ignition Gateway products: Ignition 8 Gateway versions before 8.0.10 and Ignition 7 Gateway versions before 7.9.14. The issue arises from improper validation of user-supplied data, enabling deserialization of untrusted data via serialized-data handling ...

CVE-2020-14520

CVE-2020-14520 affects Inductive Automation Ignition 8 (all versions prior to 8.0.13). The reported vulnerability is missing authorization via an unprotected API, enabling information disclosure by issuing an HTTP request to determine if a given filesystem path exists. The ICS-CERT advisory cites...