Inductive Automation Ignition (ICSA-20-112-01) – Product Used in the Energy Sector

CISA has published an advisory on an improper access control vulnerability in Inductive Automation Ignition 8 Gateway. Versions prior to 8.0.10 are affected. Successful exploitation of this vulnerability could allow an attacker to write endless log statements into the database, which could result in a denial-of-service condition. Inductive Automation recommends upgrading Ignition 8 Gateway to v8.0.10. If this isn’t possible, it recommends a series of workarounds. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.