CVE-2023-50233
published 2024-05-03

CVE-2023-50233: Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability

Priority: P2 · 58 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 2.08% (79.2th percentile)
Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the getJavaExecutable method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22029.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inductive_automation | ignition | | |
| inductiveautomation | ignition | >= 8.1.0 < 8.1.33 | 8.1.33 |
| linux | linux_kernel | >= 0 < 3.13.0-204.255 | 3.13.0-204.255 |

Detection & IOCs (extracted from sources)

  • The vulnerability exists within the `getJavaExecutable` method of Inductive Automation Ignition. Monitor for directory traversal patterns in path arguments supplied to this method during client-server interactions.
  • Exploitation requires the target user to connect to a malicious server. Monitor for Ignition clients connecting to unexpected or external Ignition gateway servers, which may indicate a malicious server luring victims.
  • Successful exploitation results in arbitrary code execution in the context of the current user. Monitor for unexpected child processes spawned by the Ignition client process following a server connection event.
  • Exploitation requires user interaction: the victim must actively connect to an attacker-controlled malicious Ignition server. This limits purely passive/remote exploitation scenarios.

CVSS provenance

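| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 5.5 | MEDIUM | |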