Inductive Automation Ignition Remote Code Execution

Posted by deepcore on June 26, 2020 – 8:53 pm

This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA product, versions 8.0.0 to (and including) 8.0.7. This exploit was tested on versions 8.0.0 and 8.0.7 on both Linux and Windows. The default configuration is exploitable by an unauthenticated attacker, which can achieve remote code execution as SYSTEM on a Windows installation and root on Linux. The vulnerability was discovered and exploited at Pwn2Own Miami 2020 by the Flashback team (Pedro Ribeiro + Radek Domanski).

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Microsoft: Patch Your Exchange Servers, They're Under Attack iOS / macOS Wifi Proximity Kernel Double-Free »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Inductive Automation Ignition Remote Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL