Vulnerabilities > CVE-2020-10644 - Deserialization of Untrusted Data vulnerability in Inductiveautomation Ignition Gateway
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html
- https://www.us-cert.gov/ics/advisories/icsa-20-147-01
- http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html
- https://www.us-cert.gov/ics/advisories/icsa-20-147-01