Remote Code Execution bug exist prior to 8.0.0?

Recently saw that Java deserialization exploit used to execute code remotely in Ignition 8.0.0 to 8.0.7. We’ve taken to upgrading any customers who have those versions. I was asked if a customer who is using 7.9.9 also has to upgrade to protect against this exploit - do they? Or is this exploit strictly for 8.0.0 through 8.0.7?

You can read more about the exploit I believe you're referring to here:

It's quite a read, but toward the end we clarify an important point for you:

Quickly, however, we want to point out that the vulnerabilities found only apply to Ignition 8.0 and above.

That is the exploit, and that is the answer I needed, thank you.
