Sign-up

ID

VAR-202006-0363


CVE

CVE-2020-12004


TITLE

Inductive Automation Ignition Access Control Error Vulnerability

Trust: 1.6

sources: IVD: 447276e4-5310-4e5f-96a1-291bd3cf70e5 // IVD: a5e4d27c-8864-460d-8404-d643188155eb // CNVD: CNVD-2020-34645 // CNNVD: CNNVD-202005-1328

DESCRIPTION

The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. Ignition Is Inductive Automation Industrial software provided by. Ignition Is vulnerable to several vulnerabilities: * Lack of authentication for important features (CWE-306) - CVE-2020-12004, CVE-2020-14479 * Deserialize untrusted data (CWE-502) - CVE-2020-10644, CVE-2020-12000The expected impact depends on each vulnerability, but it may be affected as follows. * Confidential information is stolen by a remote third party because authentication is not performed when requesting a query to the server - CVE-2020-12004, CVE-2020-14479 * Inadequate validation of serialized data deserializes untrusted data provided by a remote third party and executes arbitrary code with system privileges - CVE-2020-10644, CVE-2020-12000. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the getDiffs method of the com.inductiveautomation.ignition.gateway.servlets.gateway.functions.ProjectDownload class. The issue results from the lack of proper authentication required to query to server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. The platform supports SCADA (Data Acquisition and Monitoring System), HMI (Human Machine Interface), etc. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles. There is currently no detailed vulnerability details provided

Trust: 3.24

sources: NVD: CVE-2020-12004 // JVNDB: JVNDB-2020-004797 // ZDI: ZDI-20-685 // CNVD: CNVD-2020-34645 // IVD: 447276e4-5310-4e5f-96a1-291bd3cf70e5 // IVD: a5e4d27c-8864-460d-8404-d643188155eb // VULHUB: VHN-164639

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 447276e4-5310-4e5f-96a1-291bd3cf70e5 // IVD: a5e4d27c-8864-460d-8404-d643188155eb // CNVD: CNVD-2020-34645

AFFECTED PRODUCTS

vendor:inductiveautomationmodel:ignition gatewayscope:ltversion:8.0.10

Trust: 1.0

vendor:inductiveautomationmodel:ignition gatewayscope:gteversion:8.0

Trust: 1.0

vendor:inductiveautomationmodel:ignition gatewayscope:gteversion:7.2.4.48

Trust: 1.0

vendor:inductiveautomationmodel:ignition gatewayscope:ltversion:7.9.14

Trust: 1.0

vendor:ignition gatewaymodel: - scope:eqversion:*

Trust: 0.8

vendor:inductive automationmodel:ignitionscope:eqversion:8.0.10

Trust: 0.8

vendor:inductive automationmodel:ignitionscope: - version: -

Trust: 0.7

vendor:inductivemodel:automation ignitionscope:ltversion:8.0.10

Trust: 0.6

vendor:inductivemodel:automation ignitionscope:ltversion:7.9.14

Trust: 0.6

sources: IVD: 447276e4-5310-4e5f-96a1-291bd3cf70e5 // IVD: a5e4d27c-8864-460d-8404-d643188155eb // ZDI: ZDI-20-685 // CNVD: CNVD-2020-34645 // JVNDB: JVNDB-2020-004797 // NVD: CVE-2020-12004

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2020-004797
value: MEDIUM

Trust: 1.6

IPA: JVNDB-2020-004797
value: CRITICAL

Trust: 1.6

NVD: CVE-2020-12004
value: HIGH

Trust: 1.0

ZDI: CVE-2020-12004
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2020-34645
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202005-1328
value: HIGH

Trust: 0.6

IVD: 447276e4-5310-4e5f-96a1-291bd3cf70e5
value: HIGH

Trust: 0.2

IVD: a5e4d27c-8864-460d-8404-d643188155eb
value: HIGH

Trust: 0.2

VULHUB: VHN-164639
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-34645
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 447276e4-5310-4e5f-96a1-291bd3cf70e5
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: a5e4d27c-8864-460d-8404-d643188155eb
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-164639
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

IPA score: JVNDB-2020-004797
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.6

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-004797
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-004797
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-12004
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: IVD: 447276e4-5310-4e5f-96a1-291bd3cf70e5 // IVD: a5e4d27c-8864-460d-8404-d643188155eb // ZDI: ZDI-20-685 // CNVD: CNVD-2020-34645 // VULHUB: VHN-164639 // JVNDB: JVNDB-2020-004797 // JVNDB: JVNDB-2020-004797 // JVNDB: JVNDB-2020-004797 // JVNDB: JVNDB-2020-004797 // NVD: CVE-2020-12004 // CNNVD: CNNVD-202005-1328

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

problemtype:CWE-502

Trust: 0.8

sources: VULHUB: VHN-164639 // JVNDB: JVNDB-2020-004797 // NVD: CVE-2020-12004

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-1328

TYPE

Access control error

Trust: 1.0

sources: IVD: 447276e4-5310-4e5f-96a1-291bd3cf70e5 // IVD: a5e4d27c-8864-460d-8404-d643188155eb // CNNVD: CNNVD-202005-1328

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-12004

PATCH
title:Ignition Release Notesurl:https://inductiveautomation.com/downloads/releasenotes/8.0.10
Trust: 0.8
title:Inductive Automation has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-20-147-01
Trust: 0.7
title:Patch for Inductive Automation Ignition access control error vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/223073
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-685 // 
            
            
            
            CNVD: CNVD-2020-34645 // 
            
            
            
            JVNDB: JVNDB-2020-004797

EXTERNAL IDS
db:NVDid:CVE-2020-12004
Trust: 4.2
db:ICS CERTid:ICSA-20-147-01
Trust: 3.1
db:PACKETSTORMid:158226
Trust: 1.7
db:ZDIid:ZDI-20-685
Trust: 1.3
db:CNVDid:CNVD-2020-34645
Trust: 1.1
db:CNNVDid:CNNVD-202005-1328
Trust: 1.1
db:JVNid:JVNVU91608150
Trust: 0.8
db:JVNDBid:JVNDB-2020-004797
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-10275
Trust: 0.7
db:NSFOCUSid:46770
Trust: 0.6
db:AUSCERTid:ESB-2020.1872
Trust: 0.6
db:IVDid:447276E4-5310-4E5F-96A1-291BD3CF70E5
Trust: 0.2
db:IVDid:A5E4D27C-8864-460D-8404-D643188155EB
Trust: 0.2
db:VULHUBid:VHN-164639
Trust: 0.1
sources:
            
            
            IVD: 447276e4-5310-4e5f-96a1-291bd3cf70e5 // 
            
            
            
            IVD: a5e4d27c-8864-460d-8404-d643188155eb // 
            
            
            
            ZDI: ZDI-20-685 // 
            
            
            
            CNVD: CNVD-2020-34645 // 
            
            
            
            VULHUB: VHN-164639 // 
            
            
            
            JVNDB: JVNDB-2020-004797 // 
            
            
            
            NVD: CVE-2020-12004 // 
            
            
            
            CNNVD: CNNVD-202005-1328

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-20-147-01
Trust: 4.4
url:http://packetstormsecurity.com/files/158226/inductive-automation-ignition-remote-code-execution.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14479
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12004
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10644
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12000
Trust: 0.8
url:https://jvn.jp/vu/jvnvu91608150/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1872/
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-12004
Trust: 0.6
url:https://www.zerodayinitiative.com/advisories/zdi-20-685/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/46770
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-685 // 
            
            
            
            CNVD: CNVD-2020-34645 // 
            
            
            
            VULHUB: VHN-164639 // 
            
            
            
            JVNDB: JVNDB-2020-004797 // 
            
            
            
            NVD: CVE-2020-12004 // 
            
            
            
            CNNVD: CNNVD-202005-1328

CREDITS
Pedro Ribeiro (pedrib@gmail.com) and Radek Domanski (radek.domanski@gmail.com)
Trust: 0.7
sources:
            
            
            ZDI: ZDI-20-685

SOURCES
db:IVDid:447276e4-5310-4e5f-96a1-291bd3cf70e5
db:IVDid:a5e4d27c-8864-460d-8404-d643188155eb
db:ZDIid:ZDI-20-685
db:CNVDid:CNVD-2020-34645
db:VULHUBid:VHN-164639
db:JVNDBid:JVNDB-2020-004797
db:NVDid:CVE-2020-12004
db:CNNVDid:CNNVD-202005-1328

LAST UPDATE DATE
2023-12-18T11:58:21.747000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-20-685date:2021-06-29T00:00:00
db:CNVDid:CNVD-2020-34645date:2020-06-28T00:00:00
db:VULHUBid:VHN-164639date:2020-06-25T00:00:00
db:JVNDBid:JVNDB-2020-004797date:2020-07-02T00:00:00
db:NVDid:CVE-2020-12004date:2020-06-25T23:15:13.167
db:CNNVDid:CNNVD-202005-1328date:2020-06-30T00:00:00

SOURCES RELEASE DATE
db:IVDid:447276e4-5310-4e5f-96a1-291bd3cf70e5date:2020-05-26T00:00:00
db:IVDid:a5e4d27c-8864-460d-8404-d643188155ebdate:2020-05-26T00:00:00
db:ZDIid:ZDI-20-685date:2020-06-01T00:00:00
db:CNVDid:CNVD-2020-34645date:2020-06-24T00:00:00
db:VULHUBid:VHN-164639date:2020-06-09T00:00:00
db:JVNDBid:JVNDB-2020-004797date:2020-05-28T00:00:00
db:NVDid:CVE-2020-12004date:2020-06-09T18:15:11.137
db:CNNVDid:CNNVD-202005-1328date:2020-05-26T00:00:00