Researchers say a critical denial-of-service (DoS) vulnerability they discovered in Inductive Automation’s Ignition Gateway could allow hackers to cause disruption on the plant floor.
The Ignition Gateway product made by California-based industrial automation software provider Inductive Automation enables organizations to monitor their industrial control systems (ICS) from a web browser. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the product is primarily used in the United States in sectors such as IT, energy and critical manufacturing.
Researchers at industrial cybersecurity firm Claroty discovered that Ignition Gateway 8 is affected by a DoS vulnerability that could allow an attacker to cause significant disruption.
The flaw, tracked as CVE-2020-10641 and rated critical, has been described by CISA as an improper access control issue. The security hole was addressed in mid-March with the release of version 8.0.10.
“An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space, causing a denial-of-service condition,” CISA said in an advisory published last week.
Nadav Erez, research team lead at Claroty, explained that the vulnerability can be exploited by any attacker with network access to the server.
“No authentication is required and all an attacker needs in order to implement this is a connection to the server. Therefore, as specified in Inductive Automation's advisory, it is highly recommended that any Ignition asset owner updates to the most recent version, configures the server logging to a secure configuration or blocks any incoming traffic from unsecure sources. This is especially critical for any existing Ignition servers that are exposed to the Inte ..
Support the originator by clicking the read the rest link below.
