Vulnerabilites related to inductiveautomation - ignition_gateway
CVE-2020-12000 (GCVE-0-2020-12000)
Vulnerability from cvelistv5
Published
2020-06-09 17:54
Modified
2024-08-04 11:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - DESERIALIZATION OF UNTRUSTED DATA
Summary
The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-147-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Ignition 8 Gateway |
Version: versions prior to 7.9.14 and 8.0.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ignition 8 Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 7.9.14 and 8.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "DESERIALIZATION OF UNTRUSTED DATA CWE-502",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-18T17:54:51",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ignition 8 Gateway",
"version": {
"version_data": [
{
"version_value": "versions prior to 7.9.14 and 8.0.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12000",
"datePublished": "2020-06-09T17:54:03",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10641 (GCVE-0-2020-10641)
Vulnerability from cvelistv5
Published
2020-04-28 18:22
Modified
2024-08-04 11:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - IMPROPER ACCESS CONTROLS
Summary
An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-112-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Ignition 8 Gateway |
Version: versions prior to 8.0.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ignition 8 Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 8.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "IMPROPER ACCESS CONTROLS CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T18:22:57",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-10641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ignition 8 Gateway",
"version": {
"version_data": [
{
"version_value": "versions prior to 8.0.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROLS CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10641",
"datePublished": "2020-04-28T18:22:57",
"dateReserved": "2020-03-16T00:00:00",
"dateUpdated": "2024-08-04T11:06:10.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14520 (GCVE-0-2020-14520)
Vulnerability from cvelistv5
Published
2020-07-31 12:30
Modified
2024-08-04 12:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - MISSING AUTHORIZATION
Summary
The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13).
References
| ▼ | URL | Tags |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Ignition 8 |
Version: All versions prior to 8.0.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ignition 8",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 8.0.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "MISSING AUTHORIZATION CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-31T12:30:53",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ignition 8",
"version": {
"version_data": [
{
"version_value": "All versions prior to 8.0.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHORIZATION CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14520",
"datePublished": "2020-07-31T12:30:53",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2024-08-04T12:46:34.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10644 (GCVE-0-2020-10644)
Vulnerability from cvelistv5
Published
2020-06-09 17:50
Modified
2024-08-04 11:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - DESERIALIZATION OF UNTRUSTED DATA
Summary
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-147-01 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Ignition 8 Gateway |
Version: versions prior to 7.9.14 and 8.0.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ignition 8 Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 7.9.14 and 8.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "DESERIALIZATION OF UNTRUSTED DATA CWE-502",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-25T22:06:15",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-10644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ignition 8 Gateway",
"version": {
"version_data": [
{
"version_value": "versions prior to 7.9.14 and 8.0.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"name": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10644",
"datePublished": "2020-06-09T17:50:58",
"dateReserved": "2020-03-16T00:00:00",
"dateUpdated": "2024-08-04T11:06:10.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12004 (GCVE-0-2020-12004)
Vulnerability from cvelistv5
Published
2020-06-09 17:16
Modified
2024-08-04 11:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION
Summary
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-147-01 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Ignition 8 Gateway |
Version: versions prior to 7.9.14 and 8.0.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:57.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ignition 8 Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 7.9.14 and 8.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-25T22:06:14",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-12004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ignition 8 Gateway",
"version": {
"version_data": [
{
"version_value": "versions prior to 7.9.14 and 8.0.10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"name": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-12004",
"datePublished": "2020-06-09T17:16:04",
"dateReserved": "2020-04-21T00:00:00",
"dateUpdated": "2024-08-04T11:48:57.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-06-09 18:15
Modified
2024-11-21 04:59
Severity ?
Summary
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| inductiveautomation | ignition_gateway | * | |
| inductiveautomation | ignition_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inductiveautomation:ignition_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A080348-81C5-4DE0-8127-379242A59B2A",
"versionEndExcluding": "7.9.14",
"versionStartIncluding": "7.2.4.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inductiveautomation:ignition_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D54DBE1-0273-41EF-AC65-611E74CD00FA",
"versionEndExcluding": "8.0.10",
"versionStartIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
},
{
"lang": "es",
"value": "El producto afectado carece de una autenticaci\u00f3n apropiada requerida para consultar el servidor en Ignition 8 Gateway (versiones anteriores a 8.0.10) y Ignition 7 Gateway (versiones anteriores a la 7.9.14), permitiendo a un atacante obtener informaci\u00f3n confidencial"
}
],
"id": "CVE-2020-12004",
"lastModified": "2024-11-21T04:59:05.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-09T18:15:11.137",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-09 18:15
Modified
2024-11-21 04:59
Severity ?
Summary
The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-20-147-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-147-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| inductiveautomation | ignition_gateway | * | |
| inductiveautomation | ignition_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inductiveautomation:ignition_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A080348-81C5-4DE0-8127-379242A59B2A",
"versionEndExcluding": "7.9.14",
"versionStartIncluding": "7.2.4.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inductiveautomation:ignition_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D54DBE1-0273-41EF-AC65-611E74CD00FA",
"versionEndExcluding": "8.0.10",
"versionStartIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
},
{
"lang": "es",
"value": "El producto afectado es vulnerable al manejo de datos serializados. El problema resulta de la falta de una comprobaci\u00f3n apropiada de los datos suministrados por el usuario, lo que puede resultar en una deserializaci\u00f3n de datos no confiables en Ignition 8 Gateway (versiones anteriores a 8.0.10) y Ignition 7 Gateway (versiones anteriores a la 7.9.14), permitiendo a un atacante obtener informaci\u00f3n confidencial"
}
],
"id": "CVE-2020-12000",
"lastModified": "2024-11-21T04:59:05.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-09T18:15:10.933",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-28 19:15
Modified
2024-11-21 04:55
Severity ?
Summary
An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.us-cert.gov/ics/advisories/icsa-20-112-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-112-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| inductiveautomation | ignition_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inductiveautomation:ignition_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D54DBE1-0273-41EF-AC65-611E74CD00FA",
"versionEndExcluding": "8.0.10",
"versionStartIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition."
},
{
"lang": "es",
"value": "Una ruta de registro no protegida puede permitir a un atacante escribir sentencias de registro interminables en la base de datos sin l\u00edmites de espacio o autenticaci\u00f3n. Esto resulta en consumir todo el espacio disponible en el disco duro en el Ignition 8 Gateway (versiones anteriores a 8.0.10), causando una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"id": "CVE-2020-10641",
"lastModified": "2024-11-21T04:55:45.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T19:15:12.207",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-09 18:15
Modified
2024-11-21 04:55
Severity ?
Summary
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| inductiveautomation | ignition_gateway | * | |
| inductiveautomation | ignition_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inductiveautomation:ignition_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A080348-81C5-4DE0-8127-379242A59B2A",
"versionEndExcluding": "7.9.14",
"versionStartIncluding": "7.2.4.48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:inductiveautomation:ignition_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D54DBE1-0273-41EF-AC65-611E74CD00FA",
"versionEndExcluding": "8.0.10",
"versionStartIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information."
},
{
"lang": "es",
"value": "El producto afectado carece de una comprobaci\u00f3n apropiada de los datos suministrados por el usuario, lo que puede dar resultar en una deserializaci\u00f3n de datos no confiables en Ignition 8 Gateway (versiones anteriores a 8.0.10) y Ignition 7 Gateway (versiones anteriores a la 7.9.14), permitiendo a un atacante obtener informaci\u00f3n confidencial"
}
],
"id": "CVE-2020-10644",
"lastModified": "2024-11-21T04:55:45.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-09T18:15:10.590",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-147-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-31 13:15
Modified
2024-11-21 05:03
Severity ?
Summary
The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| inductiveautomation | ignition_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inductiveautomation:ignition_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93D87231-D228-4356-94F3-A558DB9187C8",
"versionEndExcluding": "8.0.13",
"versionStartIncluding": "8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13)."
},
{
"lang": "es",
"value": "El producto afectado es vulnerable a una filtraci\u00f3n de informaci\u00f3n, lo que puede permitir a un atacante obtener informaci\u00f3n confidencial en el Ignition 8 (todas las versiones anteriores a 8.0.13)"
}
],
"id": "CVE-2020-14520",
"lastModified": "2024-11-21T05:03:26.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-31T13:15:12.617",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}