OTPulse

Inductive Automation Ignition

Monitor · CVSS 6.8 · ICS-CERT ICSA-22-102-03 · Apr 12, 2022
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

Inductive Automation Ignition versions 8.0 (greater than 8.0.4) and 8.1 (less than or equal to 8.1 or greater than or equal to 8.1.10) contain a path traversal/arbitrary file upload vulnerability. An authenticated attacker with network access can upload a malicious zip file to the Ignition server, which is processed without proper validation, allowing code execution on the server. This affects the Ignition HMI/supervisory control platform used in industrial facilities for process monitoring, control, and data logging.

What this means
What could happen
An authenticated attacker could upload a malicious zip file to execute code on the Ignition server, potentially allowing them to modify process setpoints, alter historical data, or disrupt HMI operations.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using Ignition 8.0 or 8.1 for HMI, data logging, and process monitoring. Particularly relevant for organizations with remote engineering access or where HMI systems are accessible from office networks.
How it could be exploited
An attacker with valid credentials and network access to the Ignition server uploads a specially crafted zip file through the web interface. The server processes the file without proper validation, executing embedded code with server privileges.
Prerequisites
  • Valid Ignition user credentials (engineering or administrative access)
  • Network access to Ignition web interface (port 8088 or 80/443 if configured)
  • Permission to upload files via the Ignition UI
  • Requires valid credentials
  • No authentication required for network access if default firewall rules applied
  • Medium CVSS (6.8) with integrity impact
  • Affects supervisory systems (HMI/SCADA)
  • No patch available for 8.0.x versions
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (2), both pending a fix

Product            Affected Versions     Fix Status
Ignition: All 8.0  > 8.0.4               No fix yet
Ignition: All 8.1  ≤ 8.1 or ≥ 8.1.10     No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Restrict Ignition web interface access to authorized engineering workstations only using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Ignition to version 8.1.10 or later
HARDENING: Require multi-factor authentication (MFA) for Ignition user accounts if supported
Long-term hardening
HARDENING: Enforce principle of least privilege for Ignition user accounts; limit administrative access to required personnel
HARDENING: Segment control system network from business network; place Ignition servers behind firewall with restricted inbound access