ZDI-CAN-20539: ZDI-23-1013: (Pwn2Own) Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability
First published: Tue Aug 01 2023(Updated: )
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Inductive Automation Ignition 8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-CAN-20539?
ZDI-CAN-20539 is considered a high-severity vulnerability due to its potential to allow remote code execution.
How do I fix ZDI-CAN-20539?
To mitigate ZDI-CAN-20539, ensure you apply the latest security updates provided by Inductive Automation for Ignition.
What types of systems are affected by ZDI-CAN-20539?
ZDI-CAN-20539 specifically affects installations of Inductive Automation Ignition.
Can the authentication mechanism be bypassed in ZDI-CAN-20539?
Yes, the vulnerability allows an attacker to bypass the existing authentication mechanism.
Is remote access required to exploit ZDI-CAN-20539?
Yes, remote access is required to exploit ZDI-CAN-20539, although it's noted that authentication can be bypassed.
- collector/zdi-published
- alias/ZDI-CAN-20539
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/references
- agent/title
- agent/description
- agent/source
- agent/type
- agent/softwarecombine
- agent/tags
- agent/event
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-23-1013
- alias/CVE-2023-38122
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/inductive automation
- canonical/inductive automation ignition 8