Attacker Value
Very High
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
1

CVE-2020-10644

Disclosure Date: June 09, 2020
Add any MITRE ATT&CK Tactics to the list below that apply to this CVE.

Description

The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.

Add Assessment

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Medium
Technical Analysis

This vulnerability affects Ignition 7 (prior to v7.9.14) and 8 (prior to v8.0.10), an Integrated Software Platform for SCADA systems to do cross-platform web-based deployment. These versions contain multiple vulnerabilities that, when chained together, can lead to preauth remote code execution with SYSTEM user privileges (advisory).

CVE-2020-10644 is one of these vulnerabilities (see also CVE-2020-12004) and is related to an input validation issue that leads to deserialization of untrusted data. By sending a request to the /system/gateway API endpoint and invoking getDiffs() action with a specially crafted payload, it is possible to bypass the validation routine and execute arbitrary code remotely.

This vulnerability is rated as critical, but to successfully exploit this, this must be chained with the two other vulnerabilities, as explained above and in the advisory. A Metasploit module exploiting these vulnerabilities is available here

General Information

Products

  • Ignition 8 Gateway

Additional Info

Technical Analysis