Regarding the Security Advisories Published by the ZDI on 8 August 2023
On August 8th, 2023, Trend Micro’s Zero Day Initiative (ZDI), the organizers of ICS Pwn2Own, published six security advisories relevant to all versions of Ignition 8.1. Inductive Automation’s response to each of these advisories can be found below.
In addition to the specific recommendations below, we generally recommend that Ignition users stay up to date with the latest stable version of Ignition and adhere to the Ignition Security Hardening Guide to reduce attack surface and minimize the impact of any successful attack.
| Ignition Ticket | ZDI-CAN | CVE |
| IGN-8149 (8.1.32) | ZDI-CAN-17571 | CVE-2023-39472 |
| IGN-7080 (8.1.35) | ZDI-CAN-19915 | CVE-2023-39474 |
| IGN-8232 (8.1.35) |
ZDI-CAN-17587 ZDI-CAN-20290 ZDI-CAN-20291 ZDI-CAN-21801 ZDI-CAN-21624 ZDI-CAN-21625 ZDI-CAN-21926 ZDI-CAN-22067 ZDI-CAN-22127 (Star Labs Report) |
CVE-2023-39473 CVE-2023-39475 CVE-2023-39476 CVE-2023-50220 CVE-2023-50218 CVE-2023-50219 CVE-2023-50221 CVE-2023-50222 CVE-2023-50223 CVE-02023-6834 |
| IGN-7285 (8.1.33) | ZDI-CAN-20499 |
CVE-2023-39477 |
| IGN-8336 (8.1.33) |
ZDI-CAN-22028 ZDI-CAN-22029 |
(CVE Not Assigned) (CVE Not Assigned) |
IGN-8149
IGN-8149 addresses an issue where an administrator can load a specially crafted malicious file. It takes advantage of an acknowledged parsing weakness when importing certain Ignition resources. The attacker could trigger an XML External Entity (XXE) attack that could lead to the disclosure of confidential data stored on an Ignition server.
Fixed in Ignition 8.1.32.
Best Practices: train privileged users to import resources, configuration, and backup files only from trusted sources.
IGN-7080
IGN-7080 fixed an issue involving a threat actor replacing legitimate Ignition gateway binary files with maliciously crafted equivalents. This attack can be used to execute malicious code on the client when launching the Ignition Designer or Vision Client, not applicable to Perspective.
Fixed in Ignition 8.1.35.
Best Practices: train users to only connect to trusted Ignition gateways with secure communication (https/TLS) and verify certificates.
IGN-8232
IGN-8232 addresses multiple issues where attackers take advantage of a Java deserialization flaw within the Ignition Gateway. A threat attacker with privileged access could take advantage of the vulnerability by crafting a special payload that allows remote code execution on the target Gateway in a way that was not designed. Multiple attack chains have been reported using this pattern.
Ignition 8.1.35 includes critical security updates addressing these weaknesses against unsafe Java deserialization patterns.
Best Practices: ensure all Ignition Gateways in a Gateway Network are configured to require TLS and Two-Way Authentication. Approve only those certificates associated with Gateways you trust. External controls can also be helpful, such as using a firewall to limit Gateway Network traffic to only those Gateways which should be allowed to communicate with each other by design.
IGN-7285
IGN-7285 addresses ZDI-CAN-20499 (CVE-2023-39477) involving an external trusted OPC UA client connection initiating a denial of service attack against the Ignition OPC UA server by programmatically starving resources.
Ignition 8.1.33 addresses this issue.
Best Practices: only connect Ignition to trusted OPC UA clients or servers and segmenting Ignition Gateways from untrusted sources. Finally, adhere to the Ignition Security Hardening Guide to reduce the attack surface and minimize the impact of any successful attack.
IGN-8336
IGN-8336 fixed an issue involving unsensitized values retrieved from the gateway and passed to the command line prior to launching a Designer or Vision Client.
Ignition 8.1.33 addresses this issue.
Special Thanks
Inductive Automation thanks the following security researchers from Trend Micro Zero Day Initiative, Star Labs, Incite Team, and Claroty Research Team 82 for their hard work in finding and responsibly disclosing security vulnerabilities:
- ZDI-CAN-17571, ZDI-CAN-17587, ZDI-CAN-22028, ZDI-CAN-22029, ZDI-CAN-22067
- These vulnerabilities were discovered by Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative.
- ZDI-CAN-19915
- This vulnerability was discovered by Nguy\xe1\xbb\x85n Ti\xe1\xba\xbfn Giang (Jang) of STAR Labs SG Pte. Ltd. working with Trend Micro Zero Day Initiative.
- ZDI-CAN-20290, ZDI-CAN-20291
- These vulnerabilities were discovered by Rocco Calvi (@TecR0c) and Steven Seeley (mr_me) of Incite Team working with Trend Micro Zero Day Initiative.
- ZDI-CAN-20499
- This vulnerability was discovered by Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Vens, Sharon Brizinov.
-
ZDI-CAN-21801, ZDI-CAN-21624, ZDI-CAN-21625, ZDI-CAN-21926
- These vulnerabilities were discovered by Nguyen Quoc Viet (Petrus Viet) of VNG Security Researcher working with Trend Micro Zero Day Initiative.
-
ZDI-CAN-22127
- This vulnerability was discovered by Andy Niu of Trend Micro.
-
CVE-02023-6834
- This vulnerability was discovered by Ngo Wei Lin ([@Creastery](https://twitter.com/Creastery)) of STAR Labs SG Pte. Ltd. ([@starlabs_sg](https://twitter.com/starlabs_sg)).
Comments
0 comments
Article is closed for comments.