Inductive Automation Ignition (Update B) (ICSA-20-147-01) – Product Used in the Energy Sector

June 30, 2020

CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.

June 2, 2020

CISA has updated this advisory with additional details of the affected products. Read the advisory at CISA.

May 28, 2020

CISA has published an advisory on missing authentication for critical function and deserialization of untrusted data vulnerabilities in Inductive Automation Ignition. Inductive Automation Ignition 8 Gateway versions prior to 8.0.10 are affected. Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information and perform remote code execution with SYSTEM privileges. Inductive Automation recommends upgrading the Ignition software to v8.0.10. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.