On July 26th, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) published Industrial Control Systems (ICS) Advisory ICSA-22-207-01, which discloses a security vulnerability in one of Ignition’s config pages. This vulnerability is present in all Ignition 8.1 versions prior to 8.1.8 and all Ignition 7.9 versions prior to 7.9.21. The vulnerability has been patched in Ignition versions 8.1.8 and 7.9.21.
This vulnerability is a flaw in the “Restore Backup” functionality accessible from Gateway Web Interface > Config > System > Backup / Restore. An attacker could craft a gateway backup zip file containing a specially crafted backupinfo.xml file, which can be used to trigger an XML External Entity (XXE) attack against the Ignition Gateway. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the Gateway host, and other system impacts.
This vulnerability requires a user with config level access to exploit the system. An attacker could directly exploit this vulnerability if they have config level access, though an attacker would already have the highest level of access possible at that point, so this vulnerability provides no additional benefit.
A much more likely attack scenario would be to target a trusted user with config page access. If the attacker could persuade the victim to upload their malicious zip file under the guise of a trusted gateway backup to be restored, the attacker could get the victim to attack their own Gateway.
To mitigate this vulnerability, Inductive Automation recommends users upgrade to the latest stable version of Ignition. Train users with config page access to maintain strong passwords and follow secure credential management practices. Consider using an IdP which supports two-factor authentication. Train users to only restore gateway backups from trusted sources. Finally, harden Ignition and its environment to reduce the attack surface and minimize the impact of any successful attack.
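The "only restore from trusted sources" guidance can be backed by a pre-restore check for the crafted backupinfo.xml described above. The following is an added example, not Inductive Automation's code: it flags any DTD or entity declaration in that file inside a backup archive. The function names, the 1 MiB limit and the sample XML are assumptions made for illustration.

```python
import io
import re
import zipfile

TARGET = "backupinfo.xml"   # file name given in the advisory
MAX_BYTES = 1 << 20         # assumption: this metadata file is far smaller than 1 MiB
DTD_DECL = re.compile(r"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)

def inspect_xml(raw: bytes) -> list[str]:
    """Flag DTD/entity declarations in raw XML bytes."""
    # latin-1 never fails; dropping NULs exposes ASCII markup in UTF-16/UTF-32 too.
    text = raw.decode("latin-1").replace("\x00", "")
    body = text.lstrip("\xff\xfe\xef\xbb\xbf \t\r\n")  # skip BOM bytes and whitespace
    if not body.startswith("<"):
        return ["unrecognised encoding, cannot inspect"]
    return sorted({f"{m.group(1).upper()} declaration present" for m in DTD_DECL.finditer(body)})

def check_backup(data: bytes) -> list[str]:
    """Return findings for a backup archive; an empty list means nothing was flagged."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid zip archive"]
    findings = []
    with zf:
        hits = [i for i in zf.infolist() if i.filename.rsplit("/", 1)[-1].lower() == TARGET]
        if not hits:
            findings.append(f"{TARGET} not found")
        for info in hits:
            with zf.open(info) as fh:
                raw = fh.read(MAX_BYTES + 1)  # bounded read, ignores the declared size
            if len(raw) > MAX_BYTES:
                findings.append(f"{info.filename}: too large, not inspected")
            else:
                findings += [f"{info.filename}: {f}" for f in inspect_xml(raw)]
    return findings

def build_sample(xml: bytes) -> bytes:
    """Build an in-memory zip holding one backupinfo.xml (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(TARGET, xml)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed samples; the element names are placeholders, not Ignition's schema.
    clean = b'<?xml version="1.0"?><info><name>sample</name></info>'
    flagged = b'<?xml version="1.0"?><!DOCTYPE info [<!ENTITY e "x">]><info>&e;</info>'
    print(check_backup(build_sample(clean)))
    print(check_backup(build_sample(flagged)))
```

An empty result only means no DTD markup was found in backupinfo.xml; it is a triage step alongside the upgrade, not a substitute for it.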