Inductive Automation Ignition SCADA Python Library Import Vulnerability Allowing SYSTEM-Level Code Execution

Vulnerability

A vulnerability exists in Inductive Automation Ignition SCADA applications that use Python scripting for automation. The scripting environment does not restrict which Python libraries a script may import and execute, and the problem is compounded by the Ignition service account holding system permissions it does not need. An authenticated administrator can upload a malicious project file whose Python scripts execute a bind shell. Those scripts run with the privileges of the Ignition Gateway process, which on Windows typically runs as SYSTEM. Other code execution methods could achieve similar results.
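Because the scripting environment itself does not constrain imports, a defender's compensating control is to review what project scripts actually import before they are deployed. The following is an added example, not Inductive Automation code: it scans script sources (assumed to have been exported as plain text from a project backup) for imports outside a site-specific allowlist and flags modules that reach the host (process spawning, raw sockets, OS and Java calls). The allowlist, the high-risk module set and the sample scripts are constructed for the example; Ignition scripting is Jython (Python 2 syntax), so the scan is line-based rather than relying on Python 3's `ast` module.

```python
"""Audit Ignition-style Python (Jython) scripts for imports outside an allowlist.

Added example, not Inductive Automation code. Assumes scripts have been exported
to plain text (e.g. from a project backup) and use Python 2 / Jython syntax, so a
tolerant line-based scan is used instead of the Python 3 ``ast`` module.
"""
import re
from typing import Dict, List

# Assumed allowlist: modules an automation script legitimately needs.
# Site-specific; 'system' is Ignition's scripting API namespace.
ALLOWED_MODULES = {"system", "math", "re", "json", "datetime", "time"}

# Hypothetical watchlist of modules that give a script host-level reach
# (process spawning, raw networking, filesystem/OS calls, Java platform access).
HIGH_RISK_MODULES = {"os", "subprocess", "socket", "shutil", "ctypes", "java", "javax"}

# 'import a, b.c as d' or 'from pkg.sub import name' at the start of a line.
_STATIC_IMPORT_RE = re.compile(
    r"^\s*(?:import\s+(?P<mods>[^#\n]+)|from\s+(?P<pkg>[\w\.]+)\s+import\b)"
)
# Dynamic imports defeat a static allowlist, so they are always flagged.
_DYNAMIC_IMPORT_RE = re.compile(r"\b(__import__|importlib)\b")


def top_level_module(dotted: str) -> str:
    """Reduce 'os.path as p' to its top-level module name 'os'."""
    return dotted.strip().split(" as ")[0].strip().split(".")[0]


def imported_modules(line: str) -> List[str]:
    """Return the top-level modules a single source line imports statically."""
    m = _STATIC_IMPORT_RE.match(line)
    if not m:
        return []
    if m.group("pkg"):
        return [top_level_module(m.group("pkg"))]
    return [top_level_module(part) for part in m.group("mods").split(",") if part.strip()]


def audit_script(name: str, source: str) -> List[dict]:
    """Flag imports that are high-risk or simply not on the allowlist."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for mod in imported_modules(line):
            if mod in HIGH_RISK_MODULES:
                severity = "high"
            elif mod in ALLOWED_MODULES:
                continue
            else:
                severity = "review"  # unknown module: a human decides
            findings.append({"script": name, "line": lineno, "module": mod,
                             "severity": severity, "text": line.strip()})
        if _DYNAMIC_IMPORT_RE.search(line):
            findings.append({"script": name, "line": lineno, "module": "<dynamic>",
                             "severity": "high", "text": line.strip()})
    return findings


def audit_project(scripts: Dict[str, str]) -> List[dict]:
    """Audit every script in a {script path: source} mapping."""
    findings = []
    for name, source in sorted(scripts.items()):
        findings.extend(audit_script(name, source))
    return findings


def summarize(findings: List[dict]) -> Dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "review": 0}
    for finding in findings:
        counts[finding["severity"]] += 1
    return counts


# Constructed sample scripts standing in for an exported project.
SAMPLE_SCRIPTS = {
    "Tags/onChange": "import system\nimport math\nimport csv\n"
                     "value = system.tag.readBlocking(['[default]Line1/Speed'])[0].value\n",
    "Gateway/startup": "import system, socket\nfrom subprocess import Popen\nimport os.path as p\n",
    "Gateway/timer": "mod = __import__('os')\nimport java.lang\n",
}

if __name__ == "__main__":
    results = audit_project(SAMPLE_SCRIPTS)
    for f in results:
        print("%-6s %s:%d  %s  (%s)" % (f["severity"].upper(), f["script"], f["line"], f["module"], f["text"]))
    print(summarize(results))
```

The scan is a review aid, not an enforcement mechanism: module names assembled from strings at runtime or loaded through reflection will not show up, which is why the remediation below still centres on running the Gateway service with the least privilege it needs rather than on filtering scripts.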

Impact

Exploitation of this vulnerability could lead to unauthorized SYSTEM-level code execution on the Windows host running the Ignition Gateway service.

Remediation

Users are advised to consult the Ignition Security Hardening Guide, which includes updated recommendations for restricting the Ignition service's security permissions. For specific questions or concerns, contact Inductive Automation's security team.

Added: Dec 18, 2025, 9:31 PM
Updated: Dec 18, 2025, 9:31 PM

Vulnerability Rating (Custom Algorithm)

spread          4.5
impact          10.0
exploitability  4.4
remediation     6.0
relevance       1.5
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.