Welcome to the Inductive Automation Trust Portal
Thousands of companies worldwide depend on Ignition every day
- Report vulnerabilities to security@inductiveautomation.com
We are working to provide external versions of our policies. Please contact us if specific policies are needed.
Trust Center Updates
Today, we executed a migration of our 8-character leased license activation service to a new system. At 2:43pm PT we ran into an unanticipated issue where some licenses were unable to connect to the new service. This caused those licenses to not get a session, resulting in Ignition reverting to the trial period after the 4-hour expiration time. We reverted to the previous system at 6:20pm PT and all systems are functional again. We will perform a retrospective to understand the root cause and do everything we can to prevent this kind of issue in the future. We apologize and thank you for your patience and understanding.
Inductive Automation self-attests to NIST Secure Software Development Framework (SSDF) standards
Compliance. Inductive Automation is proud to self-attest to adherence to the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF) version 1.1 based on Special Publication 800-218 standards. This set of cybersecurity standards is important to the US federal government and has been requested by customers. Inductive Automation continues to invest in secure software development practices as a priority.
Inductive Automation offers a special thanks to the following security researchers from Trend Micro Zero Day Initiative, Star Labs, Incite Team, and Claroty Research Team82 for their hard work in finding and responsibly disclosing security vulnerabilities described in this tech advisory. All reported issues have been resolved as of Ignition 8.1.35. Inductive Automation recommends upgrading Ignition to the current version to address known vulnerabilities.
ZDI-CAN-17571, ZDI-CAN-17587, ZDI-CAN-22028, ZDI-CAN-22029, ZDI-CAN-22067. Credit to Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative.
ZDI-CAN-19915. Credit to Nguyễn Tiến Giang (Jang) of STAR Labs SG Pte. Ltd, working with Trend Micro Zero Day Initiative.
ZDI-CAN-20290, ZDI-CAN-20291. Credit to Rocco Calvi (@TecR0c) and Steven Seeley (mr_me) of Incite Team working with Trend Micro Zero Day Initiative.
ZDI-CAN-20499. Credit to Claroty Research - Team82: Uri Katz, Noam Moshe, Vera Vens, Sharon Brizinov.
ZDI-CAN-21801, ZDI-CAN-21624, ZDI-CAN-21625, ZDI-CAN-21926. Credit to Nguyen Quoc Viet (Petrus Viet) of VNG Security Researcher working with Trend Micro Zero Day Initiative.
ZDI-CAN-22127. Credit to Andy Niu of Trend Micro.
CVE-2023-6834. Credit to Ngo Wei Lin (@Creastery) of STAR Labs SG Pte. Ltd. (@starlabs_sg).
Ignition 8.1.35 is now available for download. This release fixes the regression introduced in 8.1.34 with remote tags. Inductive Automation recommends that all customers prioritize their upgrade to 8.1.35 based on critical security updates addressing weaknesses disclosed in this Technical Advisory including code-signing improvements and protections against unsafe Java deserialization patterns. There are no publicly known exploits.
Inductive Automation recommends following the Ignition Security Hardening Guide, especially with regards to proper network segmentation, keeping the environment up to date, and working with trusted files and systems.
Ignition 8.1.34 has been removed from our website and will be replaced with 8.1.35 as soon as possible. The build includes an issue that causes remote tag states to reflect “Bad_Stale” quality in specific circumstances. This issue only applies to systems that leverage a remote tag provider (multiple Ignition gateways communicating over the Gateway Network).
Ignition 8.1.35 will be made available once the issue is fixed and tested. This version will be unchanged from 8.1.34 except for the fix. The update is expected to be available within 2 days or less.
If you’ve installed 8.1.34 and are affected by this issue, you have a couple of options:
- Revert to a prior version of Ignition. If you have a pre-8.1.34 Gateway backup, there is an option to revert the backend gateway to the previous version. An 8.1.34 Frontend works as expected.
- Stay on 8.1.34 and apply a workaround. Contact Inductive Automation Support to work around the issue with 8.1.34. This will involve installing additional modules on the backend gateway.
A new announcement will be posted when 8.1.35 is released. Inductive Automation recommends that all customers running 8.1.34 upgrade to the latest version once it is available.
Inductive Automation recommends that customers upgrade Ignition to 8.1.34. This version includes critical security updates addressing weaknesses disclosed in this Technical Advisory including code signing improvements and protections against unsafe Java deserialization patterns. There are no publicly known exploits. Additionally, Inductive Automation recommends following the Ignition Security Hardening Guide, especially with regards to proper network segmentation, keeping the environment up to date, and working with trusted files and systems.
As an update to our Technical Advisory on 8 August 2023, Inductive Automation is actively addressing vulnerabilities disclosed earlier this month as a top priority. ZDI-CAN-17571 (XXE attack) will be fixed in Ignition 8.1.32 (Sep 12th release). ZDI-CAN-20499 (OPC-UA resource exhaustion) is on track for 8.1.33 (Oct 17th). We completed design work including threat modeling and attack surface analysis and are working on the implementation addressing Java deserialization vulnerabilities. Additional reports have been submitted to IA from security researchers following the ZDI disclosure this month. These are being verified in detail and are believed to be variants of existing submissions that will be addressed by upcoming updates. These vulnerabilities can be mitigated by following best practices from the Ignition Security Hardening Guide, especially related to proper network segmentation, keeping the environment up to date, and working with trusted files and systems.
Today, the Zero Day Initiative (ZDI) published six security advisories related to Ignition 8.1. We are actively investigating and working on fixes. You can read our response to each of these advisories and our recommendations for mitigation at: https://support.inductiveautomation.com/hc/en-us/articles/18333051904653--Tech-Advisory-Regarding-the-Security-Advisories-Published-by-the-ZDI-on-8-August-2023
Trust Center Updates are the primary public information conduit for Coordinated Vulnerability Disclosure (CVD) with Ignition. Please subscribe for email updates. Posts and associated emails summarize Ignition-related vulnerabilities, issues, impact, and recommendations. Technical Advisory links will often include additional information.
Inductive Automation takes pride in significant investment in stability, security, quality, and privacy throughout the entire Ignition secure Software Development Lifecycle (SDLC) and associated processes. This includes a commitment to prioritize resolution, proactively seek vulnerabilities, and be transparent with our outstanding community. We love hiring regular third-party penetration testing and participating in the S4x Pwn2Own competition each year!
Recommendations: Inductive Automation provides resources such as the Ignition Security Hardening Guide and the Ignition Server Sizing and Architecture Guide. The online user manual, Inductive University, and the forum also provide free resources. Paid training is also available.
Inductive Automation recommends partnering with one of the thousands of System Integrators who can help navigate the process of securing and assuring Ignition within the customer environment throughout the system lifecycle in accordance with business requirements.
Reporting and communication: Inductive Automation welcomes all feedback, especially on security-related matters. The best email address is: security@inductiveautomation.com, using the Inductive Automation public PGP key if encrypted communication is needed. Support, Account Representatives, and Sales Engineers are also available to help.
Inductive Automation fixed an RCE vulnerability disclosed by the Zero Day Initiative (ZDI), independently exploited by Team82 (Claroty) and 20urdjk "Urge" security researchers as part of the ICS Pwn2own 2023 ethical hacking competition. The update will be included in 8.1.26, available in the "nightly" build on Feb 17th.
https://inductiveautomation.com/downloads/ignition/
Great work from ZDI, Claroty, "Urge", and the Inductive Automation Development and QA teams!!!
Announcement. Inductive Automation will be back to compete in the ICS/SCADA-themed Pwn2Own event at S4x in Miami for the “OPC UA Server” and “OPC UA Client” categories. Attack Scenarios are: Denial of Service (DoS), Remote Code Execution (RCE), Credential Theft, and Bypass Trusted Application Check. Other categories include “Data Gateway” and “Edge”.
Best of luck to all participants! Updates to follow as vulnerabilities are found and fixed!
False positive. The best practice configuration recommendation is to enforce https (TLS 1.2+) with genuine certificates in accordance with the Ignition Security Hardening Guide, preferably enabling HSTS.
Background. Some cybersecurity scanning tools flag a URL string like "idp/default/authn/login?token=xxxx", assuming that the token is a session identifier. It is not. The token is a cryptographic nonce with a short "time to live" value. Ignition uses the token to orchestrate the handoff between the internal Ignition Identity Provider's OpenID Connect authorization endpoint and the authentication workflow. This is separate from a possible nonce variable that might also appear in the same URL string.
The token is bound to the user's session, which is tracked by an HTTP cookie passed in the HTTP headers. The session cookie is protected when Ignition is properly configured to use https. Therefore, as long as a user's session is secure, the associated tokens will also be secure even if they are leaked, since an attacker would also have to know the session ID in order to use the token.
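To illustrate the property described above (a handoff token is only accepted together with the session it was issued to, expires after a short time to live, and is consumed on first use), here is an added example of a session-bound nonce. It is illustrative code written for this page, not Ignition's implementation; the function names, the in-memory store and the 60-second TTL are assumptions.

```python
import secrets
import time

# Constructed, illustrative store: token -> (session_id, expires_at).
# Not Ignition's implementation; names, storage and TTL are assumptions.
_HANDOFF_TOKENS = {}
TOKEN_TTL_SECONDS = 60  # short time-to-live (assumed value)


def issue_handoff_token(session_id, now=None, ttl=TOKEN_TTL_SECONDS):
    """Mint a single-use nonce bound to the caller's session cookie."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable; not derived from the session
    _HANDOFF_TOKENS[token] = (session_id, now + ttl)
    return token


def redeem_handoff_token(token, presented_session_id, now=None):
    """Accept the token only if it is unexpired, unused, and presented with
    the same session cookie it was issued to. Returns True on success."""
    now = time.time() if now is None else now
    entry = _HANDOFF_TOKENS.get(token)
    if entry is None:
        return False  # unknown or already consumed
    bound_session_id, expires_at = entry
    if now >= expires_at:
        del _HANDOFF_TOKENS[token]  # expired: discard it
        return False
    if not secrets.compare_digest(bound_session_id, presented_session_id):
        return False  # token seen in a URL, but without the matching cookie
    del _HANDOFF_TOKENS[token]  # single use: consume on success
    return True


def demo_leaked_token_is_useless():
    """Scenario from the post: the token leaks via a URL, the cookie does not."""
    t0 = 1_000_000.0
    token = issue_handoff_token("session-of-alice", now=t0)
    results = {
        "other_session_without_cookie": redeem_handoff_token(token, "session-of-other", now=t0 + 1),
        "owner_within_ttl": redeem_handoff_token(token, "session-of-alice", now=t0 + 2),
        "replay_after_use": redeem_handoff_token(token, "session-of-alice", now=t0 + 3),
    }
    stale = issue_handoff_token("session-of-alice", now=t0)
    results["owner_after_ttl"] = redeem_handoff_token(
        stale, "session-of-alice", now=t0 + TOKEN_TTL_SECONDS + 1)
    return results
```

A scanner seeing only the URL has the token but not the cookie, which is the first case in the demo; the remaining cases show the TTL and single-use checks.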
If you think you may have discovered a vulnerability, please send us a note.