Lucene search
Team FLASHBACK: Pedro Ribeiro ([email protected]|@pedrib1337) and Radek Domanski (@RabbitPro)ZDI-20-686HistoryJun 01, 2020 - 12:00 a.m.
(Pwn2Own) Inductive Automation Ignition getDiffs Deserialization Of Untrusted Data Remote Code Execution Vulnerability
2020-06-0100:00:00
Team FLASHBACK: Pedro Ribeiro ([email protected]|@pedrib1337) and Radek Domanski (@RabbitPro)
www.zerodayinitiative.com
15
0.829 High
EPSS
Percentile
98.5%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists with the handling of project diffs. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this to execute code in the context of SYSTEM.
Related
cve
cve
CVE-2020-10644
2020-06-09 18:15:10
cvelist
cvelist
CVE-2020-10644
2020-06-09 17:50:58
nvd
nvd
CVE-2020-10644
2020-06-09 18:15:10
prion
prion
Deserialization of untrusted data
2020-06-09 18:15:00
packetstorm
packetstorm
Inductive Automation Ignition Remote Code Execution
2020-06-25 00:00:00
zdt
zdt
Inductive Automation Ignition Remote Code Execution Exploit
2020-06-26 00:00:00
attackerkb
attackerkb
CVE-2020-12004
2020-06-09 00:00:00
CVE-2020-10644
2020-06-09 00:00:00
checkpoint_advisories
checkpoint_advisories
0daydb
0daydb
Inductive Automation Ignition - Remote Code Execution
2020-06-28 01:09:34
nessus
nessus
Inductive Automation Ignition 8.x < 8.0.10 Multiple Vulnerabilities
2020-06-11 00:00:00
ics
ics
Inductive Automation Ignition (Update B)
2020-07-14 12:00:00