Security News > 2020 > April > Critical Ignition Gateway Vulnerability Can Lead to Disruption in Plants

Researchers say a critical denial-of-service vulnerability they discovered in Inductive Automation's Ignition Gateway could allow hackers to cause disruption on the plant floor.

Researchers at industrial cybersecurity firm Claroty discovered that Ignition Gateway 8 is affected by a DoS vulnerability that could allow an attacker to cause significant disruption.

"No authentication is required and all an attacker needs in order to implement this is a connection to the server. Therefore, as specified in Inductive Automation's advisory, it is highly recommended that any Ignition asset owner updates to the most recent version, configures the server logging to a secure configuration or blocks any incoming traffic from unsecure sources. This is especially critical for any existing Ignition servers that are exposed to the Internet," Erez told SecurityWeek.

According to Erez, exploitation of the vulnerability can lead to a full DoS condition on the server running the Ignition software.

"As this software is mainly intended to provide visibility into the process, the loss of the Ignition server could harm or even stop the process in the plant. In addition, the nature of the vulnerability means that not only will the Ignition SCADA server stop functioning, but also any other application running on the same host will be disabled as well," Erez explained.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/fpegWJCEuVk/critical-ignition-gateway-vulnerability-can-lead-disruption-plants