Inductive Automation announces security vulnerability fix

Friday January 27, 2012
Written by Manufacturing AUTOMATION
The ICS-CERT (Industrial Controls Systems Cyber Emergency Response Team) has received a report from Rubén Santamarta concerning a vulnerability in Ignition software from Inductive Automation. This vulnerability allows unauthorized users to download files containing important information about the system and project.

The vulnerability is exploitable by connecting a specific URL address. The successful connection to this URL results in a prompt to download files containing important details about system and project information, including authorized usernames and password hashes.

Inductive Automation has fixed the vulnerability and has issued a patch to address it. ICS-CERT has validated that this patch fully resolves this vulnerability.

Affected versions involved all Ignition versions prior to version

Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture and product implementation.

To apply the patch, upgrade to any Ignition version higher than The latest version of the 7.2 line is 7.2.11, which can be downloaded at

Add comment

Security code

Subscription Centre

New Subscription
Already a Subscriber
Customer Service
View Digital Magazine Renew


Digital Industry USA
September 10-12, 2019
EMO Hannover 2019
September 16-21, 2019
Weidmuller Open House
September 17, 2019

We are using cookies to give you the best experience on our website. By continuing to use the site, you agree to the use of cookies. To find out more, read our Privacy Policy.