Multiple vulnerabilities in Inductive Automation Ignition


today we recibet a Newsletter about vulnerabilities in Inductive Automation Ignition.

The researcher, 20urdjk , has reported 3 high severity vulnerabilities in the Ignition product, from the manufacturer Inductive Automation, whose exploitation could allow remote code execution or authentication bypass.


Do you know anything about it?

They say that you should update to the latest version, do you know if there is any other solution and not update?

Today is the coordinated disclosure date for these issues discovered at ZDI earlier this year.

Upgrading to 8.1.26 or later is the only recommended course of action.


Note that v7.8 and v8.0 are completely end-of-life. v7.9 is in the "limited support" phase until next June. Only v8.1.x is in Active Support, and receives bug fixes. While an exception could be made for a v7.9 security fix, don't hold your breath.

Upgrade to v8.1.x.

Dates from this IA blog post: