Tuesday, April 21, 2020

1 Advisory Published – 4-21-20

The CISA NCCIC-ICS published a control system security advisory for products from Inductive Automation.

Inductive Advisory

This advisory describes an improper access control vulnerability in the Inductive Advisory Ignition 8 Gateway. The vulnerability was reported by Sharon Brizinov and Mashav Sapir from Claroty. Inductive has a new version that mitigates the vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerability to allow an attacker to write endless log statements into the database, which could result in a denial-of-service condition.

No comments:

/* Use this with templates/template-twocol.html */