CVE-2020-10644
published 2020-06-09

Priority: P2 · 63 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EXPLOIT
EPSS: 20.21% (97.1th percentile)

The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inductiveautomation | ignition_gateway | >= 7.2.4.48 < 7.9.14 | 7.9.14 |
| inductiveautomation | ignition_gateway | >= 8.0 < 8.0.10 | 8.0.10 |

Detection & IOCs (extracted from sources)

url: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/scada/inductive_ignition_rce.rb
  • The vulnerability is exploitable by an unauthenticated attacker over the network (AV:N/AC:L/PR:N/UI:N), targeting Java deserialization in the Ignition Gateway; monitor for unexpected deserialization payloads sent to the Ignition Gateway service port.
  • Alert on processes spawned as SYSTEM (Windows) or root (Linux) from the Ignition Gateway process, which may indicate successful deserialization RCE exploitation.
  • The deserialization vulnerability (CVE-2020-10644) carries a CVSS v3 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); prioritize detection on network-accessible Ignition Gateway instances not protected by firewall rules.
  • Affected versions are Ignition 8 Gateway prior to 8.0.10 and Ignition 7 Gateway prior to 7.9.14; the Metasploit module specifically targets versions 8.0.0 through 8.0.7, so detection scope should cover the broader vulnerable range up to the patched versions.
  • At the time of the CISA advisory, no known public exploits specifically targeted CVE-2020-10644; however, a Metasploit module exists for the related RCE chain in the same product.
  • The vulnerability requires no authentication to exploit; network segmentation and firewall allow-listing are the primary compensating controls if patching is not immediately possible.

CVSS provenance

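| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |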