Inductive Automation Ignition

MonitorCVSS 6.8ICS-CERT ICSA-22-102-03Apr 12, 2022

Inductive Automation

Attack path

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

Inductive Automation Ignition versions 8.0 (greater than 8.0.4) and 8.1 (less than or equal to 8.1 or greater than or equal to 8.1.10) contain a path traversal/arbitrary file upload vulnerability. An authenticated attacker with network access can upload a malicious zip file to the Ignition server, which is processed without proper validation, allowing code execution on the server. This affects the Ignition HMI/supervisory control platform used in industrial facilities for process monitoring, control, and data logging.

What this means

What could happen

An authenticated attacker could upload a malicious zip file to execute code on the Ignition server, potentially allowing them to modify process setpoints, alter historical data, or disrupt HMI operations.

Who's at risk

Water utilities, electric utilities, and other critical infrastructure operators using Ignition 8.0 or 8.1 for HMI, data logging, and process monitoring. Particularly relevant for organizations with remote engineering access or where HMI systems are accessible from office networks.

How it could be exploited

An attacker with valid credentials and network access to the Ignition server uploads a specially crafted zip file through the web interface. The server processes the file without proper validation, executing embedded code with server privileges.

Prerequisites

Valid Ignition user credentials (engineering or administrative access)
Network access to Ignition web interface (port 8088 or 80/443 if configured)
Permission to upload files via the Ignition UI

Requires valid credentialsNo authentication required for network access if default firewall rules appliedMedium CVSS (6.8) with integrity impactAffects supervisory systems (HMI/SCADA)No patch available for 8.0.x versions

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (2)

2 pending

ProductAffected VersionsFix Status

Ignition: All 8.0> 8.0.4No fix yet

Ignition: All 8.1≤ 8.1 | ≥ 8.1.10No fix yet

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDRestrict Ignition web interface access to authorized engineering workstations only using firewall rules

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Ignition to version 8.1.10 or later

HARDENINGRequire multi-factor authentication (MFA) for Ignition user accounts if supported

Long-term hardening

0/2

HARDENINGEnforce principle of least privilege for Ignition user accounts; limit administrative access to required personnel

HARDENINGSegment control system network from business network; place Ignition servers behind firewall with restricted inbound access

CVEs (1)

CVE-2022-1264

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a02a645e-538f-44c5-a5f7-aeb7a6fe506c

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.