Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Critical Ignition Gateway Vulnerability Can Lead to Disruption in Plants

Researchers say a critical denial-of-service (DoS) vulnerability they discovered in Inductive Automation’s Ignition Gateway could allow hackers to cause disruption on the plant floor.

Researchers say a critical denial-of-service (DoS) vulnerability they discovered in Inductive Automation’s Ignition Gateway could allow hackers to cause disruption on the plant floor.

The Ignition Gateway product made by California-based industrial automation software provider Inductive Automation enables organizations to monitor their industrial control systems (ICS) from a web browser. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the product is primarily used in the United States in sectors such as IT, energy and critical manufacturing.

Researchers at industrial cybersecurity firm Claroty discovered that Ignition Gateway 8 is affected by a DoS vulnerability that could allow an attacker to cause significant disruption.

The flaw, tracked as CVE-2020-10641 and rated critical, has been described by CISA as an improper access control issue. The security hole was addressed in mid-March with the release of version 8.0.10.

“An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space, causing a denial-of-service condition,” CISA said in an advisory published last week.

Nadav Erez, research team lead at Claroty, explained that the vulnerability can be exploited by any attacker with network access to the server.

“No authentication is required and all an attacker needs in order to implement this is a connection to the server. Therefore, as specified in Inductive Automation’s advisory, it is highly recommended that any Ignition asset owner updates to the most recent version, configures the server logging to a secure configuration or blocks any incoming traffic from unsecure sources. This is especially critical for any existing Ignition servers that are exposed to the Internet,” Erez told SecurityWeek.

Advertisement. Scroll to continue reading.

Learn more about vulnerabilities in industrial systems at SecurityWeek’s 2020 ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

According to Erez, exploitation of the vulnerability can lead to a full DoS condition on the server running the Ignition software.

“As this software is mainly intended to provide visibility into the process, the loss of the Ignition server could harm or even stop the process in the plant. In addition, the nature of the vulnerability means that not only will the Ignition SCADA server stop functioning, but also any other application running on the same host will be disabled as well,” Erez explained.

Inductive Automation is one of the vendors whose products were targeted by white hat hackers earlier this year at the Pwn2Own Miami hacking competition, which focused on industrial control systems. Claroty researchers discovered the vulnerability while preparing for the ICS Pwn2Own. They said the vendor fixed the issue less than two months after receiving technical information.

The researchers who took part in Pwn2Own earned a total of $50,000 for vulnerabilities in Inductive Automation’s Ignition product. However, some of the same flaws were discovered by multiple teams and duplicates did not receive any monetary rewards.

Related: Industrial Controllers Still Vulnerable to Stuxnet-Style Attacks

Related: Siemens Industrial Devices Affected by ‘SegmentSmack’ Linux Kernel Flaw

Related: Several Vulnerabilities Expose Phoenix Contact Industrial 4G Routers to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...