Recently saw that java deserialiation exploit used to execute code remotely in Ignition 8.0.0 to 8.0.7. We’ve taken to upgrading any customers who have those versions. I was asked if a customer who is using 7.9.9 also has to upgrade to protect against this exploit - do they? Or is this exploit strictly for 8.0.0 through 8.0.7?
You can read more about the exploit I believe you’re referring to here:
It’s quite a read, but toward the end we clarify an important point for you:
Quickly, however, we want to point out that the vulnerabilities found only apply to Ignition 8.0 and above .
That is the exploit, and that is the answer I needed, thank you.