Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JavaSerializationCodec class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20291.
The vulnerability lies in the JavaSerializationCodec class, which does not perform proper validation of user-supplied data. An attacker can send a crafted payload containing malicious serialized Java objects that will be deserialized by the application without appropriate security controls. As a result of this process (deserialization of untrusted data), arbitrary code execution is possible in the context of the SYSTEM account on the targeted machine.
The attacker gains the ability to execute arbitrary code with SYSTEM privileges, which means complete control over the operating system, including data access, the ability to install malicious software, and lateral movement across the network.
Apply patches available from the vendor in accordance with the references (https://www.zerodayinitiative.com/advisories/ZDI-23-1046/). Additionally, it is recommended to restrict network access to Ignition instances only to trusted hosts and to implement network segmentation in OT/SCADA environments.
Inductive Automation Ignition — versions indicated in the vendor's references (ZDI-CAN-20291 / ZDI-23-1046)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HInductiveautomation Ignition
APPInductiveautomation8.1.0 – 8.1.35 (bez)
Related vulnerabilities
RCE przez deserializację w Inductive Automation Ignition (ParameterVersionJavaSerializationCodec)
XSS do RCE w Inductive Automation Ignition OPC UA Quick Client
This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Aut...
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Designer and Vis...
Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnera...