Details of VAR-202006-0006

ID

VAR-202006-0006

CVE

CVE-2020-10644

TITLE

Inductive Automation Made Ignition Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004797

DESCRIPTION

The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. Ignition Is Inductive Automation Industrial software provided by. Ignition Is vulnerable to several vulnerabilities: * Lack of authentication for important features (CWE-306) - CVE-2020-12004, CVE-2020-14479 * Deserialize untrusted data (CWE-502) - CVE-2020-10644, CVE-2020-12000The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information is stolen by a remote third party because authentication is not performed when requesting a query to the server - CVE-2020-12004, CVE-2020-14479 * Inadequate validation of serialized data deserializes untrusted data provided by a remote third party and executes arbitrary code with system privileges - CVE-2020-10644, CVE-2020-12000. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of project diffs. An attacker can leverage this to execute code in the context of SYSTEM. The platform supports SCADA (Data Acquisition and Monitoring System), HMI (Human Machine Interface), etc. Attackers can use this vulnerability to obtain sensitive information

Trust: 3.24

sources: NVD: CVE-2020-10644 // JVNDB: JVNDB-2020-004797 // ZDI: ZDI-20-686 // CNVD: CNVD-2020-34643 // IVD: 0243acd1-a6e8-498a-bb1d-677fa500ffe3 // IVD: 0df72e19-8991-452b-aa9e-dfb4039451cc // VULHUB: VHN-163143

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 0243acd1-a6e8-498a-bb1d-677fa500ffe3 // IVD: 0df72e19-8991-452b-aa9e-dfb4039451cc // CNVD: CNVD-2020-34643

AFFECTED PRODUCTS

vendor:	inductiveautomation	model:	ignition gateway	scope:	lt	version:	8.0.10	Trust: 1.0
vendor:	inductiveautomation	model:	ignition gateway	scope:	gte	version:	8.0	Trust: 1.0
vendor:	inductiveautomation	model:	ignition gateway	scope:	gte	version:	7.2.4.48	Trust: 1.0
vendor:	inductiveautomation	model:	ignition gateway	scope:	lt	version:	7.9.14	Trust: 1.0
vendor:	ignition gateway	model:	-	scope:	eq	version:	*	Trust: 0.8
vendor:	inductive automation	model:	ignition	scope:	eq	version:	8.0.10	Trust: 0.8
vendor:	inductive automation	model:	ignition	scope:	-	version:	-	Trust: 0.7
vendor:	inductive	model:	automation ignition	scope:	lt	version:	8.0.10	Trust: 0.6
vendor:	inductive	model:	automation ignition	scope:	lt	version:	7.9.14	Trust: 0.6

sources: IVD: 0243acd1-a6e8-498a-bb1d-677fa500ffe3 // IVD: 0df72e19-8991-452b-aa9e-dfb4039451cc // ZDI: ZDI-20-686 // CNVD: CNVD-2020-34643 // JVNDB: JVNDB-2020-004797 // NVD: CVE-2020-10644

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA:	JVNDB-2020-004797
value:	MEDIUM
Trust: 1.6
IPA:	JVNDB-2020-004797
value:	CRITICAL
Trust: 1.6
NVD:	CVE-2020-10644
value:	HIGH
Trust: 1.0
ZDI:	CVE-2020-10644
value:	CRITICAL
Trust: 0.7
CNVD:	CNVD-2020-34643
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202005-1323
value:	HIGH
Trust: 0.6
IVD:	0243acd1-a6e8-498a-bb1d-677fa500ffe3
value:	HIGH
Trust: 0.2
IVD:	0df72e19-8991-452b-aa9e-dfb4039451cc
value:	HIGH
Trust: 0.2
VULHUB:	VHN-163143
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2020-34643
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	0243acd1-a6e8-498a-bb1d-677fa500ffe3
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	0df72e19-8991-452b-aa9e-dfb4039451cc
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-163143
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

IPA score:	JVNDB-2020-004797
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 1.6
NVD:
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
IPA score:	JVNDB-2020-004797
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-004797
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-10644
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: IVD: 0243acd1-a6e8-498a-bb1d-677fa500ffe3 // IVD: 0df72e19-8991-452b-aa9e-dfb4039451cc // ZDI: ZDI-20-686 // CNVD: CNVD-2020-34643 // VULHUB: VHN-163143 // JVNDB: JVNDB-2020-004797 // JVNDB: JVNDB-2020-004797 // JVNDB: JVNDB-2020-004797 // JVNDB: JVNDB-2020-004797 // NVD: CVE-2020-10644 // CNNVD: CNNVD-202005-1323

PROBLEMTYPE DATA

problemtype:	CWE-502	Trust: 1.9
problemtype:	CWE-306	Trust: 0.8

sources: VULHUB: VHN-163143 // JVNDB: JVNDB-2020-004797 // NVD: CVE-2020-10644

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-1323

TYPE

Code problem

Trust: 1.0

sources: IVD: 0243acd1-a6e8-498a-bb1d-677fa500ffe3 // IVD: 0df72e19-8991-452b-aa9e-dfb4039451cc // CNNVD: CNNVD-202005-1323

CONFIGURATIONS

sources: NVD: CVE-2020-10644

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-163143

PATCH

title:	Ignition Release Notes	url:	https://inductiveautomation.com/downloads/releasenotes/8.0.10	Trust: 0.8
title:	Inductive Automation has issued an update to correct this vulnerability.	url:	https://www.us-cert.gov/ics/advisories/icsa-20-147-01	Trust: 0.7
title:	Patch for Inductive Automation Ignition code issue vulnerability (CNVD-2020-34643)	url:	https://www.cnvd.org.cn/patchinfo/show/223069	Trust: 0.6

sources: ZDI: ZDI-20-686 // CNVD: CNVD-2020-34643 // JVNDB: JVNDB-2020-004797

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10644	Trust: 4.2
db:	ICS CERT	id:	ICSA-20-147-01	Trust: 3.1
db:	PACKETSTORM	id:	158226	Trust: 1.7
db:	ZDI	id:	ZDI-20-686	Trust: 1.3
db:	CNVD	id:	CNVD-2020-34643	Trust: 1.1
db:	CNNVD	id:	CNNVD-202005-1323	Trust: 1.1
db:	JVN	id:	JVNVU91608150	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-004797	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10276	Trust: 0.7
db:	NSFOCUS	id:	46771	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1872	Trust: 0.6
db:	IVD	id:	0243ACD1-A6E8-498A-BB1D-677FA500FFE3	Trust: 0.2
db:	IVD	id:	0DF72E19-8991-452B-AA9E-DFB4039451CC	Trust: 0.2
db:	VULHUB	id:	VHN-163143	Trust: 0.1

sources: IVD: 0243acd1-a6e8-498a-bb1d-677fa500ffe3 // IVD: 0df72e19-8991-452b-aa9e-dfb4039451cc // ZDI: ZDI-20-686 // CNVD: CNVD-2020-34643 // VULHUB: VHN-163143 // JVNDB: JVNDB-2020-004797 // NVD: CVE-2020-10644 // CNNVD: CNNVD-202005-1323

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-147-01	Trust: 4.4
url:	http://packetstormsecurity.com/files/158226/inductive-automation-ignition-remote-code-execution.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14479	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12004	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10644	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12000	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu91608150/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.1872/	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-20-686/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10644	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/46771	Trust: 0.6

sources: ZDI: ZDI-20-686 // CNVD: CNVD-2020-34643 // VULHUB: VHN-163143 // JVNDB: JVNDB-2020-004797 // NVD: CVE-2020-10644 // CNNVD: CNNVD-202005-1323

CREDITS

Team FLASHBACK: Pedro Ribeiro (pedrib@gmail.com|@pedrib1337) and Radek Domanski (@RabbitPro)

Trust: 0.7

sources: ZDI: ZDI-20-686

SOURCES

db:	IVD	id:	0243acd1-a6e8-498a-bb1d-677fa500ffe3
db:	IVD	id:	0df72e19-8991-452b-aa9e-dfb4039451cc
db:	ZDI	id:	ZDI-20-686
db:	CNVD	id:	CNVD-2020-34643
db:	VULHUB	id:	VHN-163143
db:	JVNDB	id:	JVNDB-2020-004797
db:	NVD	id:	CVE-2020-10644
db:	CNNVD	id:	CNNVD-202005-1323

LAST UPDATE DATE

2023-12-18T11:58:21.818000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-686	date:	2021-06-29T00:00:00
db:	CNVD	id:	CNVD-2020-34643	date:	2020-06-24T00:00:00
db:	VULHUB	id:	VHN-163143	date:	2020-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2020-004797	date:	2020-07-02T00:00:00
db:	NVD	id:	CVE-2020-10644	date:	2020-06-25T23:15:11.290
db:	CNNVD	id:	CNNVD-202005-1323	date:	2020-06-30T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	0243acd1-a6e8-498a-bb1d-677fa500ffe3	date:	2020-05-26T00:00:00
db:	IVD	id:	0df72e19-8991-452b-aa9e-dfb4039451cc	date:	2020-05-26T00:00:00
db:	ZDI	id:	ZDI-20-686	date:	2020-06-01T00:00:00
db:	CNVD	id:	CNVD-2020-34643	date:	2020-06-24T00:00:00
db:	VULHUB	id:	VHN-163143	date:	2020-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-004797	date:	2020-05-28T00:00:00
db:	NVD	id:	CVE-2020-10644	date:	2020-06-09T18:15:10.590
db:	CNNVD	id:	CNNVD-202005-1323	date:	2020-05-26T00:00:00