Inductive Automation Ignition
Act Now · 9.1 · ICS-CERT ICSA-20-112-01 · Apr 21, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in Inductive Automation Ignition 8 Gateway allows an unauthenticated attacker with network access to the /data/perspective/print-to-log endpoint to write excessive log entries to the database. The exploit triggers INFO-level logging that fills the database, causing denial of service and potential interruption of industrial control operations. Affected versions are Ignition 8 Gateway below version 8.0.10. The Perspective Module must be installed for the vulnerability to be exploitable.
What this means
What could happen
An attacker could flood the Ignition Gateway database with log entries, causing it to run out of disk space or become slow/unresponsive, which would interrupt monitoring and control of your industrial processes.
Who's at risk
Organizations running Inductive Automation Ignition 8 Gateway to manage industrial processes, especially those using the Perspective Module for HMI/SCADA dashboards. This includes water utilities, power plants, manufacturing facilities, and any site using Ignition for real-time monitoring and control.
How it could be exploited
An attacker with network access to the Ignition Gateway sends requests to the /data/perspective/print-to-log endpoint, which triggers excessive logging at the INFO level. These logs are written to the database, filling it until operations are degraded or halted.
Prerequisites
- Network access to the Ignition Gateway HTTP interface (port 8088 or custom port)
- Perspective Module must be installed and enabled
- No authentication required to access the logging endpoint
remotely exploitable · no authentication required · low complexity · affects availability of control systems · no patch available for versions below 8.0.10
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
Ignition 8 Gateway | < 8.0.10 | 8.0.10
Remediation & Mitigation
Do now
- WORKAROUND: If running the Perspective Module, set the perspective.routes logging level to WARN or higher to block INFO-level log messages from the vulnerable code path
- WORKAROUND: Deploy a firewall or reverse proxy rule to deny HTTP requests to the /data/perspective/print-to-log path
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade Ignition 8 Gateway to version 8.0.10 or later
Long-term hardening
- HARDENING: Isolate the Ignition Gateway network from the Internet and restrict access to trusted engineering workstations only
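To check whether the print-to-log endpoint has been requested and whether the reverse proxy deny rule from the workaround is taking effect, the proxy's access log can be scanned per source address. The script below is an added example, not code from the advisory or from Inductive Automation; the common/combined log layout, the 403/404 deny statuses, the burst threshold and the sample lines are assumptions.

```python
import re
from collections import Counter
from posixpath import normpath
from urllib.parse import unquote

TARGET = "/data/perspective/print-to-log"   # endpoint named in the advisory
DENIED = {"403", "404"}                     # assumed statuses of the deny rule

# Assumed common/combined access-log layout; adjust to the proxy in use.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def canonical_path(request_target):
    """Drop the query string, percent-decode once, and collapse '//', '/./',
    '/../' and a trailing '/' so variant spellings compare equal."""
    path = unquote(request_target.split("?", 1)[0])
    return normpath("/" + path.lstrip("/"))

def scan(lines, threshold=3):
    """Return (hits per source, sources that were not denied, sources at or
    above `threshold` requests) for requests to TARGET."""
    hits, allowed = Counter(), set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or canonical_path(m["target"]) != TARGET:
            continue
        hits[m["ip"]] += 1
        if m["status"] not in DENIED:
            allowed.add(m["ip"])
    noisy = {ip for ip, n in hits.items() if n >= threshold}
    return hits, allowed, noisy

# Constructed sample lines (documentation addresses; methods, statuses and
# sizes are made up for the example).
SAMPLE = [
    '198.51.100.7 - - [21/Apr/2020:10:00:01 +0000] "POST /data/perspective/print-to-log HTTP/1.1" 200 0',
    '198.51.100.7 - - [21/Apr/2020:10:00:01 +0000] "POST /data/perspective/print%2Dto%2Dlog HTTP/1.1" 200 0',
    '198.51.100.7 - - [21/Apr/2020:10:00:02 +0000] "POST /data//perspective/./print-to-log/ HTTP/1.1" 200 0',
    '203.0.113.9 - - [21/Apr/2020:10:00:05 +0000] "POST /data/perspective/print-to-log HTTP/1.1" 403 0',
    '192.0.2.10 - - [21/Apr/2020:10:00:06 +0000] "GET / HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    hits, allowed, noisy = scan(SAMPLE)
    for ip, n in hits.most_common():
        print(ip, n, "NOT DENIED" if ip in allowed else "denied",
              "BURST" if ip in noisy else "")
```

Any source reported as not denied means the deny rule is missing, or is matching on the literal path string only and should match the normalised path instead.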
CVEs (1)
API:
/api/v1/advisories/2a5e6392-68f3-4e23-b32e-01f396b47079