VAR-202004-0057
Vulnerability from variot - Updated: 2023-12-18 12:17
An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition. Ignition 8 Gateway, provided by Inductive Automation, contains an improper access control vulnerability. Ignition 8 Gateway is industrial software provided by Inductive Automation. It has an improper access control vulnerability (CWE-284) when writing logs to the database, due to the lack of authentication or restrictions on the storage space used. A remote third party may write endless logs to the database, exhausting the free space on the hard disk and causing a denial-of-service (DoS) condition. The platform supports SCADA (data acquisition and monitoring system), HMI (human machine interface), etc.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ignition gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "8.0.10"
},
{
"model": "ignition gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "inductiveautomation",
"version": "8.0"
},
{
"model": "ignition gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "inductive automation",
"version": null
},
{
"model": "ignition gateway",
"scope": null,
"trust": 0.8,
"vendor": "inductive automation",
"version": null
},
{
"model": "ignition gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "inductive automation",
"version": "8.0.10 earlier"
},
{
"model": "automation ignition gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "inductive",
"version": "8\u003c8.0.10"
},
{
"model": "ignition gateway",
"scope": "eq",
"trust": 0.1,
"vendor": "inductiveautomation",
"version": "8.0"
},
{
"model": "ignition gateway",
"scope": "eq",
"trust": 0.1,
"vendor": "inductiveautomation",
"version": "8.0.1"
},
{
"model": "ignition gateway",
"scope": "eq",
"trust": 0.1,
"vendor": "inductiveautomation",
"version": "8.0.2"
},
{
"model": "ignition gateway",
"scope": "eq",
"trust": 0.1,
"vendor": "inductiveautomation",
"version": "8.0.3"
},
{
"model": "ignition gateway",
"scope": "eq",
"trust": 0.1,
"vendor": "inductiveautomation",
"version": "8.0.4"
},
{
"model": "ignition gateway",
"scope": "eq",
"trust": 0.1,
"vendor": "inductiveautomation",
"version": "8.0.5"
},
{
"model": "ignition gateway",
"scope": "eq",
"trust": 0.1,
"vendor": "inductiveautomation",
"version": "8.0.6"
},
{
"model": "ignition gateway",
"scope": "eq",
"trust": 0.1,
"vendor": "inductiveautomation",
"version": "8.0.7"
},
{
"model": "ignition gateway",
"scope": "eq",
"trust": 0.1,
"vendor": "inductiveautomation",
"version": "8.0.8"
},
{
"model": "ignition gateway",
"scope": "eq",
"trust": 0.1,
"vendor": "inductiveautomation",
"version": "8.0.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57119"
},
{
"db": "VULMON",
"id": "CVE-2020-10641"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003714"
},
{
"db": "NVD",
"id": "CVE-2020-10641"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:inductiveautomation:ignition_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.10",
"versionStartIncluding": "8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10641"
}
]
},
"cve": "CVE-2020-10641",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-57119",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-163140",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10641",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-003714",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-10641",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2020-003714",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-57119",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1850",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-163140",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-10641",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57119"
},
{
"db": "VULHUB",
"id": "VHN-163140"
},
{
"db": "VULMON",
"id": "CVE-2020-10641"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003714"
},
{
"db": "NVD",
"id": "CVE-2020-10641"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1850"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition. Inductive Automation Provided by Ignition 8 Gateway contains an improper access control vulnerability. Ignition 8 Gateway teeth, Inductive Automation Industrial software provided by. Ignition 8 Gateway has an improper access control vulnerability when writing logs to the database due to lack of authentication or data usage space restrictions. (CWE-284) exists.A remote third party writes endless logs to the database, causing a shortage of free space on the hard disk and causing service disruption. (DoS) condition may be caused. The platform supports SCADA (data acquisition and monitoring system), HMI (human machine interface), etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10641"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003714"
},
{
"db": "CNVD",
"id": "CNVD-2020-57119"
},
{
"db": "VULHUB",
"id": "VHN-163140"
},
{
"db": "VULMON",
"id": "CVE-2020-10641"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10641",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-112-01",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU92492058",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003714",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-57119",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1850",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1403",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47367",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-163140",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-10641",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57119"
},
{
"db": "VULHUB",
"id": "VHN-163140"
},
{
"db": "VULMON",
"id": "CVE-2020-10641"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003714"
},
{
"db": "NVD",
"id": "CVE-2020-10641"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1850"
}
]
},
"id": "VAR-202004-0057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57119"
},
{
"db": "VULHUB",
"id": "VHN-163140"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57119"
}
]
},
"last_update_date": "2023-12-18T12:17:11.481000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Download\u00a0Ignition",
"trust": 0.8,
"url": "https://inductiveautomation.com/downloads/"
},
{
"title": "Patch for Inductive Automation Ignition 8 Gateway resource management error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/236707"
},
{
"title": "Ignition 8 Gateway Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=116325"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57119"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003714"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1850"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "Inappropriate access control (CWE-284) [JPCERT/CC evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-400",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163140"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003714"
},
{
"db": "NVD",
"id": "CVE-2020-10641"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-112-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10641"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92492058/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47367"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1403/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/180237"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57119"
},
{
"db": "VULHUB",
"id": "VHN-163140"
},
{
"db": "VULMON",
"id": "CVE-2020-10641"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003714"
},
{
"db": "NVD",
"id": "CVE-2020-10641"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1850"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-57119"
},
{
"db": "VULHUB",
"id": "VHN-163140"
},
{
"db": "VULMON",
"id": "CVE-2020-10641"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003714"
},
{
"db": "NVD",
"id": "CVE-2020-10641"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1850"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-57119"
},
{
"date": "2020-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-163140"
},
{
"date": "2020-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10641"
},
{
"date": "2020-04-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003714"
},
{
"date": "2020-04-28T19:15:12.207000",
"db": "NVD",
"id": "CVE-2020-10641"
},
{
"date": "2020-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1850"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-57119"
},
{
"date": "2021-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-163140"
},
{
"date": "2020-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10641"
},
{
"date": "2023-11-08T07:22:00",
"db": "JVNDB",
"id": "JVNDB-2020-003714"
},
{
"date": "2021-12-20T23:01:13.963000",
"db": "NVD",
"id": "CVE-2020-10641"
},
{
"date": "2021-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1850"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1850"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inductive\u00a0Automation\u00a0 Made \u00a0Ignition\u00a08\u00a0Gateway\u00a0 Improper access control vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003714"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1850"
}
],
"trust": 0.6
}
}