CVE-2020-12000

Published: Jun 9, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.

Affected (2)

Products: Inductiveautomation: Ignition Gateway

Inductiveautomation

1 product

Ignition Gateway

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Inductiveautomation Ignition Gateway	From 7.2.4.48 to 7.9.14
Inductiveautomation Ignition Gateway	From 8.0 to 8.0.10

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://www.us-cert.gov/ics/advisories/icsa-20-147-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsa-20-147-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.