1. Introduction
The "Inductive Automation Ignition Detection" finding indicates that a web-based SCADA HMI solution is running on the remote host. This type of system controls industrial processes and is often exposed to the internet, making it a target for attackers. Successful exploitation could lead to disruption of operations or data breaches. Confidentiality, integrity, and availability may be impacted.
2. Technical Explanation
Inductive Automation Ignition is a web-based SCADA HMI solution that provides a graphical interface for controlling industrial equipment. The detection indicates the presence of this software on the host system. An attacker could potentially exploit vulnerabilities within Ignition to gain unauthorized access to, and control of, the connected systems. There are no known CVEs associated with simply detecting the presence of Ignition, but the detection flags a system that requires further security assessment.
- Root cause: The presence of the Ignition software itself is not a root cause, but rather an indicator that a potentially vulnerable system exists.
- Exploit mechanism: An attacker would first identify the host running Ignition and then attempt to exploit known vulnerabilities within the software or its underlying components.
- Scope: Affected platforms are those running Inductive Automation Ignition SCADA HMI solution.
3. Detection and Assessment
Confirming whether a system is vulnerable requires identifying the Ignition installation and assessing its version and configuration.
- Quick checks: Access the web interface of the suspected host. The presence of an Ignition login page confirms its existence.
- Scanning: Nessus or other vulnerability scanners may have plugins to detect Inductive Automation Ignition. These scanners are examples only, and their accuracy can vary.
- Logs and evidence: Review web server logs for requests associated with the Ignition application path.
# No specific command available for detection beyond UI access
4. Solution / Remediation Steps
The primary solution is to assess the security posture of the Ignition installation and apply appropriate updates or mitigations.
4.1 Preparation
- Services: No services need to be stopped for initial assessment, but stopping the Ignition gateway may be required during patching.
- Roll back plan: Restore from backup if updates cause issues.
4.2 Implementation
- Step 1: Visit https://inductiveautomation.com/ to check for the latest Ignition version and security advisories.
- Step 2: Log in to the Ignition gateway web interface as an administrator.
- Step 3: Navigate to Admin > System Information to determine the current Ignition version.
- Step 4: If a newer version is available, download and install it following Inductive Automation’s documentation.
4.3 Config or Code Example
This vulnerability does not involve specific configuration changes; however, ensuring regular updates is crucial.
Before
# Current Ignition version: 8.1.15 (example)
After
# Updated Ignition version: 8.2.0 (example - latest stable release)
4.4 Security Practices Relevant to This Vulnerability
Several security practices can help mitigate risks associated with SCADA HMI systems like Ignition.
- Least privilege: Limit access to the Ignition gateway and connected systems based on user roles and responsibilities.
- Patch cadence: Establish a regular schedule for applying security updates to Ignition and its underlying components.
4.5 Automation (Optional)
No automation is available for this vulnerability.
5. Verification / Validation
Confirm the fix by verifying the updated Ignition version and performing basic service checks.
- Post-fix check: Log in to the Ignition gateway web interface as an administrator and navigate to Admin > System Information. Verify that the displayed version matches the expected updated version.
- Re-test: Re-run the initial detection steps (web interface access) and confirm that the system is still accessible.
- Smoke test: Test basic SCADA functionality, such as data monitoring and control operations, to ensure they are working correctly.
# No specific command available for post-fix verification beyond UI access
6. Preventive Measures and Monitoring
Implement preventive measures to reduce the risk of future vulnerabilities.
- Baselines: Incorporate Ignition security best practices into a system baseline or policy.
- Pipelines: Implement automated vulnerability scanning as part of the CI/CD pipeline.
- Asset and patch process: Regularly review and update asset inventories to ensure all systems are accounted for and patched promptly.
7. Risks, Side Effects, and Roll Back
Updating Ignition may introduce compatibility issues with existing modules or integrations.
- Roll back: Restore from the backup created prior to the update if any issues arise.
8. References and Resources
Refer to official Inductive Automation documentation for more information.
- Vendor advisory or bulletin: https://inductiveautomation.com/