Critical Ignition Gateway Vulnerability Can Lead to Disruption in Plants

Researchers say a critical denial-of-service (DoS) vulnerability they discovered in Inductive Automation’s Ignition Gateway could allow hackers to cause disruption on the plant floor.

The Ignition Gateway product made by California-based industrial automation software provider Inductive Automation enables organizations to monitor their industrial control systems (ICS) from a web browser. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the product is primarily used in the United States in sectors such as IT, energy and critical manufacturing.

Researchers at industrial cybersecurity firm Claroty discovered that Ignition Gateway 8 is affected by a DoS vulnerability that could allow an attacker to cause significant disruption.

The flaw, tracked as CVE-2020-10641 and rated critical, has been described by CISA as an improper access control issue. The security hole was addressed in mid-March with the release of version 8.0.10.

“An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space, causing a denial-of-service condition,” CISA said in an advisory published last week.

Nadav Erez, research team lead at Claroty, explained that the vulnerability can be exploited by any attacker with network access to the server.

“No authentication is required and all an attacker needs in order to implement this is a connection to the server. Therefore, as specified in Inductive Automation’s advisory, it is highly recommended that any Ignition asset owner updates to the most recent version, configures the server logging to a secure configuration or blocks any incoming traffic from unsecure sources. This is especially critical for any existing Ignition servers that are exposed to the Internet,” Erez told SecurityWeek.

Learn more about vulnerabilities in industrial systems at SecurityWeek’s 2020 ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

According to Erez, exploitation of the vulnerability can lead to a full DoS condition on the server running the Ignition software.

“As this software is mainly intended to provide visibility into the process, the loss of the Ignition server could harm or even stop the process in the plant. In addition, the nature of the vulnerability means that not only will the Ignition SCADA server stop functioning, but also any other application running on the same host will be disabled as well,” Erez explained.

Inductive Automation is one of the vendors whose products were targeted by white hat hackers earlier this year at the Pwn2Own Miami hacking competition, which focused on industrial control systems. Claroty researchers discovered the vulnerability while preparing for the ICS Pwn2Own. They said the vendor fixed the issue less than two months after receiving technical information.

The researchers who took part in Pwn2Own earned a total of $50,000 for vulnerabilities in Inductive Automation’s Ignition product. However, some of the same flaws were discovered by multiple teams and duplicates did not receive any monetary rewards.

Related: Industrial Controllers Still Vulnerable to Stuxnet-Style Attacks

Related: Siemens Industrial Devices Affected by ‘SegmentSmack’ Linux Kernel Flaw

Related: Several Vulnerabilities Expose Phoenix Contact Industrial 4G Routers to Attacks