HTTP: Inductive Automation Ignition ServerMessageHeader Insecure Deserialization

This signature detects attempts to exploit a known vulnerability against Inductive Automation Ignitiion. A successful attack can lead to arbitrary code execution.

Extended Description

The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.

Affected Products

Inductiveautomation ignition_gateway

References

CVE: CVE-2023-50219

URL: https://www.zerodayinitiative.com/advisories/ZDI-20-687/ https://www.zerodayinitiative.com/advisories/ZDI-20-714/ http://www.zerodayinitiative.com/advisories/ZDI-22-1017/ https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-23-1045/ http://www.zerodayinitiative.com/advisories/ZDI-23-1047/ http://www.zerodayinitiative.com/advisories/ZDI-24-018/ https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b http://www.zerodayinitiative.com/advisories/ZDI-20-687/ http://www.zerodayinitiative.com/advisories/ZDI-20-714/ https://inductiveautomation.com/downloads/releasenotes/8.0.8 http://www.zerodayinitiative.com/advisories/ZDI-23-1813/ http://www.zerodayinitiative.com/advisories/ZDI-24-015/ http://www.zerodayinitiative.com/advisories/ZDI-24-014/

Short Name
HTTP:CTS:IND-AUTO-SMH-DES
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Automation CVE-2020-12000 CVE-2022-35870 CVE-2023-39473 CVE-2023-39475 CVE-2023-50218 CVE-2023-50219 CVE-2023-50220 CVE-2023-50223 Deserialization Ignition Inductive Insecure ServerMessageHeader
Release Date
07/02/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3692
False Positive
Unknown
Vendors

Inductiveautomation

CVSS Score

5.0

Found a potential security threat?