cbcvebase.
CVE-2020-12004
published 2020-06-09

CVE-2020-12004: The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway…

PriorityP261high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
13.64%
96.0th percentile
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.

Affected

2 ranges
VendorProductVersion rangeFixed in
inductiveautomationignition_gateway>= 7.2.4.48 < 7.9.147.9.14
inductiveautomationignition_gateway>= 8.0 < 8.0.108.0.10

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2020-12004 is exploitable remotely with no authentication required against the Ignition Gateway; detect unauthenticated queries to the Ignition Gateway service (default port 8088/8043) from untrusted hosts
  • The vulnerability involves unauthenticated handling of serialized data; monitor for deserialization-related traffic to the Ignition Gateway service from unauthenticated sources
  • A related RCE exploit (CVE-2020-10644/CVE-2020-12000) targeting the same product is available in Metasploit; the default configuration is exploitable by an unauthenticated attacker achieving RCE as SYSTEM (Windows) or root (Linux) — correlate Ignition Gateway exploitation attempts with privilege escalation indicators on host
  • ·CVE-2020-14479 (a related missing-authentication issue) has no fix in place at time of advisory; firewall/allowlist controls are the recommended mitigation for that specific CVE
  • ·The Metasploit RCE module targets versions 8.0.0–8.0.7 specifically; CVE-2020-12004 (information disclosure) covers a broader version range up to 8.0.9 and 7.x prior to 7.9.14

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.