PT-2020-12973 · Inductive Automation · Ignition 7 Gateway+1
Published
2020-06-01
·
Updated
2023-03-03
·
CVE-2020-12000
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Ignition 8 Gateway versions prior to 8.0.10
Ignition 7 Gateway versions prior to 7.9.14
Description
The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data, allowing an attacker to obtain sensitive information.
Recommendations
For Ignition 8 Gateway versions prior to 8.0.10, update to version 8.0.10 or later to resolve the issue.
For Ignition 7 Gateway versions prior to 7.9.14, update to version 7.9.14 or later to resolve the issue.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ignition 7 Gateway
Ignition 8 Gateway