Inductive Automation announces security vulnerability fix

Friday January 27, 2012
Written by Manufacturing AUTOMATION
The ICS-CERT (Industrial Controls Systems Cyber Emergency Response Team) has received a report from Rubén Santamarta concerning a vulnerability in Ignition software from Inductive Automation. This vulnerability allows unauthorized users to download files containing important information about the system and project.

The vulnerability is exploitable by connecting a specific URL address. The successful connection to this URL results in a prompt to download files containing important details about system and project information, including authorized usernames and password hashes.

Inductive Automation has fixed the vulnerability and has issued a patch to address it. ICS-CERT has validated that this patch fully resolves this vulnerability.

Affected versions involved all Ignition versions prior to version 7.2.8.178.

Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture and product implementation.

To apply the patch, upgrade to any Ignition version higher than 7.2.8.178. The latest version of the 7.2 line is 7.2.11, which can be downloaded at http://www.inductiveautomation.com/downloads/ignition/archive.

Add comment


Security code
Refresh

Subscription Centre

 
New Subscription
 
Already a Subscriber
 
Customer Service
 
View Digital Magazine Renew

Events

Digital Industry USA
September 10-12, 2019
EMO Hannover 2019
September 16-21, 2019
Weidmuller Open House
September 17, 2019

We are using cookies to give you the best experience on our website. By continuing to use the site, you agree to the use of cookies. To find out more, read our Privacy Policy.