PT-2020-4213 · Inductive Automation · Ignition 8 Gateway

Mashav Sapir

Published

2020-04-21

Updated

2021-12-20

CVE-2020-10641

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Ignition 8 Gateway versions prior to 8.0.10

Description: The issue is related to an unprotected logging route, which may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space, causing a denial-of-service condition. The vulnerability can be exploited remotely.

Recommendations: For versions prior to 8.0.10, update to version 8.0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the logging route to minimize the risk of exploitation.

Fix

Improper Access Control

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-306

Related Identifiers

BDU:2020-04648

CVE-2020-10641

Affected Products

Ignition 8 Gateway

PT-2020-4213 · Inductive Automation · Ignition 8 Gateway

CVE-2020-10641

Weakness Enumeration

Related Identifiers

Affected Products

References · 8