  • Attacker Value: Very High (1 user assessed)
  • Exploitability: Moderate (1 user assessed)
  • User Interaction: None
  • Privileges Required: None
  • Attack Vector: Network

CVE-2020-10644

Disclosure Date: June 09, 2020

Description

The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
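The affected-version ranges above can be turned into a quick inventory triage. The following is an added example, not part of the original entry or any vendor tooling; the host names, build suffix and the assumed version-string format are constructed for illustration.

```python
import re

# Fixed releases per this entry: Ignition 7 -> 7.9.14, Ignition 8 -> 8.0.10.
FIXED = {7: (7, 9, 14), 8: (8, 0, 10)}

# Assumption: the version appears as three dotted integers, optionally
# followed by build text, e.g. "7.9.13 (b0000000000)".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?!\d)")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if no version is found."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "not-listed"  # this entry only covers Ignition 7 and 8
    # Tuple comparison is numeric, so 8.0.9 < 8.0.10 (a string compare gets this wrong).
    return "affected" if version < fixed else "fixed"


def needs_attention(inventory):
    """Hosts that are affected or whose version could not be determined."""
    return [host for host, ver in inventory
            if classify(ver) in ("affected", "unknown")]


# Constructed sample inventory (hypothetical host names and build strings).
SAMPLE_INVENTORY = [
    ("gw-plant-a", "8.0.9"),
    ("gw-plant-b", "8.0.10"),
    ("gw-legacy", "7.9.13 (b0000000000)"),
    ("gw-lab", "7.9.14"),
    ("gw-new", "8.1.0"),
    ("gw-unlabelled", "n/a"),
]

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY:
        print(f"{host:15} {ver:22} {classify(ver)}")
```

Hosts reported as unknown are kept in the follow-up list on purpose, since an unreadable version string is not evidence of a patched gateway.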

Ratings
  • Attacker Value
    Very High
  • Exploitability
    Medium
Technical Analysis

This vulnerability affects Ignition 7 (prior to v7.9.14) and 8 (prior to v8.0.10), an integrated software platform for SCADA systems that provides cross-platform, web-based deployment. These versions contain multiple vulnerabilities that, when chained together, can lead to pre-auth remote code execution with SYSTEM user privileges (advisory).

CVE-2020-10644 is one of these vulnerabilities (see also CVE-2020-12004) and is related to an input validation issue that leads to deserialization of untrusted data. By sending a request to the /system/gateway API endpoint and invoking the getDiffs() action with a specially crafted payload, it is possible to bypass the validation routine and execute arbitrary code remotely.

This vulnerability is rated as critical, but to exploit it successfully, it must be chained with the two other vulnerabilities, as explained above and in the advisory. A Metasploit module exploiting these vulnerabilities is available here.

CVSS V3 Severity and Metrics

  • Base Score: 7.5 High
  • Impact Score: 3.6
  • Exploitability Score: 3.9
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
  • Scope (S): Unchanged
  • Confidentiality (C): High
  • Integrity (I): None
  • Availability (A): None

General Information

Vendors

  • inductiveautomation

Products

  • ignition gateway
