ICSA-20-112-01  ·  Published 2020-04-21

Inductive Automation Ignition

CVSS 9.1 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to write endless log statements into the database, which could result in a denial-of-service condition.

CVEs (1)

Remediations

  • Upgrade Ignition 8 Gateway to v8.0.10
  • Reference vendor website
  • If running the Perspective Module, set “perspective.routes” to a priority level of WARN or higher. The exploit triggers the code path that logs a message with priority level INFO.
  • For gateways that are deployed behind a web application firewall or reverse proxy, deploy a rule to deny access to all gateway HTTP requests that include the path: /data/perspective/print-to-log.
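
The deny rule in the last remediation only helps if the proxy matches the path after normalization. The following is an added example, not part of the advisory or vendor guidance: it normalizes a request target before testing for the advisory's path, and uses the same check to audit an access log for past hits. The log format (combined log format), the sample lines and the function names are assumptions.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

BLOCKED_PATH = "/data/perspective/print-to-log"  # path named in the advisory

# Constructed sample lines (documentation IP ranges; method and status are arbitrary)
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Apr/2020:10:00:01 +0000] "GET /data/perspective/print-to-log HTTP/1.1" 200 2',
    '192.0.2.10 - - [21/Apr/2020:10:00:02 +0000] "GET /data/perspective/print%2Dto%2Dlog HTTP/1.1" 200 2',
    '198.51.100.7 - - [21/Apr/2020:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [21/Apr/2020:10:00:04 +0000] "GET /data//perspective/./print-to-log?x=1 HTTP/1.1" 403 0',
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def should_deny(request_target: str) -> bool:
    """Return True if the normalized request path includes BLOCKED_PATH."""
    path = request_target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):  # decode repeatedly so double-encoded paths are caught
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/+", "/", path.replace("\\", "/"))  # collapse slashes
    path = posixpath.normpath(path)                      # resolve . and ..
    # Case-insensitive match is a conservative assumption; the advisory does
    # not state how the gateway treats case.
    return BLOCKED_PATH in path.lower()

def audit(lines):
    """Count requests per client address that the deny rule would match."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and should_deny(m.group(3)):
            hits[m.group(1)] += 1
    return hits

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```
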

Affected Vendors

Inductive Automation

Affected Products (1)

Inductive Automation · Ignition 8 Gateway < 8.0.10

Affected Sectors

Critical Manufacturing, Energy, Information Technology
