CVE-2020-10644

HIGH

Ignition <8.0.10, <7.9.14 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-10644. Includes Metasploit module exploits/multi/scada/inductive_ignition_rce.

AI-analyzed exploit summary This Metasploit module exploits a Java deserialization vulnerability (CVE-2020-10644) in Inductive Automation Ignition SCADA versions 8.0.0 to 8.0.7. It achieves unauthenticated remote code execution by sending a malicious serialized payload via HTTP POST to the `/system/gateway` endpoint.

Description

The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/scada/inductive_ignition_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits a Java deserialization vulnerability (CVE-2020-10644) in Inductive Automation Ignition SCADA versions 8.0.0 to 8.0.7. It achieves unauthenticated remote code execution by sending a malicious serialized payload via HTTP POST to the `/system/gateway` endpoint.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Inductive Automation Ignition SCADA 8.0.0 to 8.0.7

No auth needed

Prerequisites: Network access to the target's HTTP interface (port 8088 by default) · Target running a vulnerable version of Inductive Automation Ignition

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://www.us-cert.gov/ics/advisories/icsa-20-147-01

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/158226/Inductive-Automation-Ignition-Remote-Code-Execution.html

Scores

CVSS v3 7.5

EPSS 0.2021

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-502

Status published

Products (1)

inductiveautomation/ignition_gateway 7.2.4.48 - 7.9.14

Published Jun 09, 2020

Tracked Since Feb 18, 2026