Inductive Automation Ignition getJavaExecutable 目录遍历远程代码执行漏洞

此 RCE 漏洞允许攻击者在目标系统上执行任意代码，从而完全控制受影响的 Ignition 实例。攻击者可以利用此漏洞窃取敏感数据，例如数据库凭据、配置信息和用户数据。此外，攻击者还可以利用此漏洞进行横向移动，攻击网络中的其他系统。由于需要用户交互（连接到恶意服务器），因此攻击者可能需要诱骗用户点击恶意链接或访问恶意网站。该漏洞的潜在影响范围广泛，可能导致数据泄露、系统破坏和业务中断。

Organizations utilizing Inductive Automation Ignition for industrial control and SCADA applications are at risk. This includes critical infrastructure sectors such as manufacturing, energy, and utilities. Specifically, deployments with limited network segmentation or inadequate user awareness training are particularly vulnerable.

• linux / server: Monitor Ignition server logs for unusual connection attempts or errors related to file access. Use journalctl -u ignition to filter for relevant events.

journalctl -u ignition | grep -i "java executable"

• java: Examine Java process arguments for suspicious paths or command-line parameters. Use ps aux | grep ignition to list running processes and their arguments. • generic web: Monitor web server access logs for requests targeting the getJavaExecutable endpoint with unusual parameters. Use grep to search for suspicious patterns in the logs.

grep -i "java executable" /var/log/apache2/access.log

1. 2024-05-03Disclosure

   disclosure

1. 已保留2023-12-05
2. 发布日期2024-05-03
3. 修改日期2024-08-02
4. EPSS 更新日期2026-04-02

Inductive Automation 建议用户尽快升级到已修复的版本。如果无法立即升级，可以考虑以下缓解措施：限制对 Ignition 实例的访问，只允许授权用户连接。实施严格的网络安全策略，阻止对恶意服务器的连接。监控 Ignition 实例的日志，查找可疑活动。如果可能，配置防火墙以阻止来自未知来源的连接。在升级之前，务必备份 Ignition 实例，以便在升级失败时可以回滚。升级后，验证 Ignition 实例是否正常运行，并确认漏洞已成功修复。