CVE-2020-10641
published 2020-04-28
Priority: P3 · 41 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.28% (66.4th percentile)
An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inductiveautomation | ignition_gateway | >= 8.0 < 8.0.10 | 8.0.10 |
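CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |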
CISA ICS
Inductive Automation Ignition
cisa_ics·2020-04-21·CVSS 7.5
[HIGH] Inductive Automation Ignition
ICS Advisory
## Inductive Automation Ignition
Last Revised: April 21, 2020
Alert Code: ICSA-20-112-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.1
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Inductive Automation
- Equipment: Ignition 8 Gateway
- Vulnerability: Improper Access Control
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to write endless log statements into the database, which could result in a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Ignition 8 Gateway a
GHSA
GHSA-gxjf-ghq5-m6mr: An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication
ghsa_unreviewed·2022-05-24
CVE-2020-10641 [MEDIUM] CWE-306 GHSA-gxjf-ghq5-m6mr: An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication
An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition.
No detection rules found.
No public exploits indexed.
Published: 2020-04-28