Details of VAR-202006-0318

ID

VAR-202006-0318

CVE

CVE-2020-12000

TITLE

Inductive Automation Ignition Code Issue Vulnerability

Trust: 1.0

sources: IVD: 7820dc4c-aa4b-42b9-ba9e-04ef2182b636 // IVD: bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12 // CNVD: CNVD-2020-34644

DESCRIPTION

The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. Ignition Is Inductive Automation Industrial software provided by. Ignition Is vulnerable to several vulnerabilities: * Lack of authentication for important features (CWE-306) - CVE-2020-12004, CVE-2020-14479 * Deserialize untrusted data (CWE-502) - CVE-2020-10644, CVE-2020-12000The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information is stolen by a remote third party because authentication is not performed when requesting a query to the server - CVE-2020-12004, CVE-2020-14479 * Inadequate validation of serialized data deserializes untrusted data provided by a remote third party and executes arbitrary code with system privileges - CVE-2020-10644, CVE-2020-12000. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The platform supports SCADA (Data Acquisition and Monitoring System), HMI (Human Machine Interface), etc. Attackers can use this vulnerability to obtain sensitive information

Trust: 3.24

sources: NVD: CVE-2020-12000 // JVNDB: JVNDB-2020-004797 // ZDI: ZDI-20-687 // CNVD: CNVD-2020-34644 // IVD: 7820dc4c-aa4b-42b9-ba9e-04ef2182b636 // IVD: bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12 // VULHUB: VHN-164635

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 7820dc4c-aa4b-42b9-ba9e-04ef2182b636 // IVD: bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12 // CNVD: CNVD-2020-34644

AFFECTED PRODUCTS

vendor:	inductiveautomation	model:	ignition gateway	scope:	lt	version:	7.9.14	Trust: 1.0
vendor:	inductiveautomation	model:	ignition gateway	scope:	gte	version:	7.2.4.48	Trust: 1.0
vendor:	inductiveautomation	model:	ignition gateway	scope:	lt	version:	8.0.10	Trust: 1.0
vendor:	inductiveautomation	model:	ignition gateway	scope:	gte	version:	8.0	Trust: 1.0
vendor:	ignition gateway	model:	-	scope:	eq	version:	*	Trust: 0.8
vendor:	inductive automation	model:	ignition	scope:	eq	version:	8.0.10	Trust: 0.8
vendor:	inductive automation	model:	ignition	scope:	-	version:	-	Trust: 0.7
vendor:	inductive	model:	automation ignition	scope:	lt	version:	8.0.10	Trust: 0.6
vendor:	inductive	model:	automation ignition	scope:	lt	version:	7.9.14	Trust: 0.6

sources: IVD: 7820dc4c-aa4b-42b9-ba9e-04ef2182b636 // IVD: bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12 // ZDI: ZDI-20-687 // CNVD: CNVD-2020-34644 // JVNDB: JVNDB-2020-004797 // NVD: CVE-2020-12000

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA:	JVNDB-2020-004797
value:	MEDIUM
Trust: 1.6
IPA:	JVNDB-2020-004797
value:	CRITICAL
Trust: 1.6
nvd@nist.gov:	CVE-2020-12000
value:	HIGH
Trust: 1.0
ZDI:	CVE-2020-12000
value:	CRITICAL
Trust: 0.7
CNVD:	CNVD-2020-34644
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202005-1318
value:	HIGH
Trust: 0.6
IVD:	7820dc4c-aa4b-42b9-ba9e-04ef2182b636
value:	HIGH
Trust: 0.2
IVD:	bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12
value:	HIGH
Trust: 0.2
VULHUB:	VHN-164635
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12000
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2020-34644
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7820dc4c-aa4b-42b9-ba9e-04ef2182b636
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-164635
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

IPA score:	JVNDB-2020-004797
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 1.6
nvd@nist.gov:	CVE-2020-12000
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
IPA score:	JVNDB-2020-004797
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-004797
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-12000
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: IVD: 7820dc4c-aa4b-42b9-ba9e-04ef2182b636 // IVD: bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12 // ZDI: ZDI-20-687 // CNVD: CNVD-2020-34644 // VULHUB: VHN-164635 // JVNDB: JVNDB-2020-004797 // JVNDB: JVNDB-2020-004797 // JVNDB: JVNDB-2020-004797 // JVNDB: JVNDB-2020-004797 // CNNVD: CNNVD-202005-1318 // NVD: CVE-2020-12000

PROBLEMTYPE DATA

problemtype:	CWE-502	Trust: 1.9
problemtype:	CWE-306	Trust: 0.8

sources: VULHUB: VHN-164635 // JVNDB: JVNDB-2020-004797 // NVD: CVE-2020-12000

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-1318

TYPE

Code problem

Trust: 1.0

sources: IVD: 7820dc4c-aa4b-42b9-ba9e-04ef2182b636 // IVD: bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12 // CNNVD: CNNVD-202005-1318

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004797

PATCH

title:	Ignition Release Notes	url:	https://inductiveautomation.com/downloads/releasenotes/8.0.10	Trust: 0.8
title:	-	url:	https://www.us-cert.gov/ics/advisories/icsa-20-147-01	Trust: 0.7
title:	Patch for Inductive Automation Ignition code issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/223071	Trust: 0.6
title:	Inductive Automation Ignition Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121611	Trust: 0.6

sources: ZDI: ZDI-20-687 // CNVD: CNVD-2020-34644 // JVNDB: JVNDB-2020-004797 // CNNVD: CNNVD-202005-1318

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12000	Trust: 4.2
db:	ICS CERT	id:	ICSA-20-147-01	Trust: 3.1
db:	ZDI	id:	ZDI-20-687	Trust: 1.3
db:	CNVD	id:	CNVD-2020-34644	Trust: 1.1
db:	CNNVD	id:	CNNVD-202005-1318	Trust: 1.1
db:	JVN	id:	JVNVU91608150	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-004797	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10278	Trust: 0.7
db:	NSFOCUS	id:	46769	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1872	Trust: 0.6
db:	IVD	id:	7820DC4C-AA4B-42B9-BA9E-04EF2182B636	Trust: 0.2
db:	IVD	id:	BBE6D67A-E383-424D-9D9D-FCFBFCDD1D12	Trust: 0.2
db:	VULHUB	id:	VHN-164635	Trust: 0.1

sources: IVD: 7820dc4c-aa4b-42b9-ba9e-04ef2182b636 // IVD: bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12 // ZDI: ZDI-20-687 // CNVD: CNVD-2020-34644 // VULHUB: VHN-164635 // JVNDB: JVNDB-2020-004797 // CNNVD: CNNVD-202005-1318 // NVD: CVE-2020-12000

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-147-01	Trust: 3.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14479	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12004	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10644	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12000	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu91608150/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.1872/	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-20-687/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/46769	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12000	Trust: 0.6

sources: ZDI: ZDI-20-687 // CNVD: CNVD-2020-34644 // VULHUB: VHN-164635 // JVNDB: JVNDB-2020-004797 // CNNVD: CNNVD-202005-1318 // NVD: CVE-2020-12000

CREDITS

Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team

Trust: 0.7

sources: ZDI: ZDI-20-687

SOURCES

db:	IVD	id:	7820dc4c-aa4b-42b9-ba9e-04ef2182b636
db:	IVD	id:	bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12
db:	ZDI	id:	ZDI-20-687
db:	CNVD	id:	CNVD-2020-34644
db:	VULHUB	id:	VHN-164635
db:	JVNDB	id:	JVNDB-2020-004797
db:	CNNVD	id:	CNNVD-202005-1318
db:	NVD	id:	CVE-2020-12000

LAST UPDATE DATE

2024-11-23T21:59:12.760000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-687	date:	2020-06-01T00:00:00
db:	CNVD	id:	CNVD-2020-34644	date:	2020-06-24T00:00:00
db:	VULHUB	id:	VHN-164635	date:	2023-03-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-004797	date:	2020-07-02T00:00:00
db:	CNNVD	id:	CNNVD-202005-1318	date:	2020-06-19T00:00:00
db:	NVD	id:	CVE-2020-12000	date:	2024-11-21T04:59:05.347

SOURCES RELEASE DATE

db:	IVD	id:	7820dc4c-aa4b-42b9-ba9e-04ef2182b636	date:	2020-05-26T00:00:00
db:	IVD	id:	bbe6d67a-e383-424d-9d9d-fcfbfcdd1d12	date:	2020-05-26T00:00:00
db:	ZDI	id:	ZDI-20-687	date:	2020-06-01T00:00:00
db:	CNVD	id:	CNVD-2020-34644	date:	2020-06-24T00:00:00
db:	VULHUB	id:	VHN-164635	date:	2020-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-004797	date:	2020-05-28T00:00:00
db:	CNNVD	id:	CNNVD-202005-1318	date:	2020-05-26T00:00:00
db:	NVD	id:	CVE-2020-12000	date:	2020-06-09T18:15:10.933