Summary
Successful exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary code with SYSTEM-level privileges on the Windows host running the Ignition Gateway service.
The following Inductive Automation Ignition product is affected:
- Ignition (CVE-2025-13911)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.4 | Inductive Automation | Inductive Automation Ignition | Execution with Unnecessary Privileges |
Background
- Critical Infrastructure Sectors: Critical Manufacturing, Energy, Information Technology
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: United States
Vulnerabilities
CVE-2025-13911
The vulnerability affects Ignition SCADA deployments in which Python (Jython) scripting is used for automation. Two weaknesses combine. First, the scripting environment has no security control restricting which Python libraries a project script may import and execute. Second, the Ignition service account holds operating-system permissions well beyond what an Ignition privileged user requires. When an authenticated administrator uploads a malicious project file containing a Python script with bind-shell capabilities, the Gateway executes that script with the privileges of the Ignition Gateway process, which on Windows typically runs as SYSTEM. Any other code-execution technique embedded in a project script would produce the same result.
Note the precondition: the attacker must already hold Gateway rights sufficient to upload a project. The impact is therefore escalation from Ignition administrator to Windows SYSTEM on the host, not an unauthenticated remote compromise.
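The control the advisory describes as absent is a policy on which modules a project script may import. The following added example (not part of the advisory and not Inductive Automation's code) shows what such a check looks like as a pre-upload gate run over a project export: it tokenizes every script resource, flags imports outside an allow-list, and flags builtins such as __import__ or exec that would load code at runtime and bypass a static check. The allow-list contents, the export layout under ignition/script-python/, the resource names and both sample scripts are assumptions constructed for illustration.

```python
"""Allow-list check for Python (Jython) imports in an Ignition project export.

Added example, not Inductive Automation's code. It implements the missing
control the advisory describes: a policy on which modules a project script
may import, applied before the project is uploaded to the Gateway. The
ALLOWED_MODULES set and the SCRIPT_PATH_PREFIX export layout are assumptions.
"""
import io
import tokenize
import zipfile
from typing import Dict, List, Tuple

# Assumed allow-list: Ignition's own scripting API plus a few stdlib helpers.
ALLOWED_MODULES = {"system", "math", "re", "json", "datetime", "time"}

# Builtins that load code at runtime and so bypass a static import check.
DYNAMIC_LOADERS = {"__import__", "exec", "eval", "execfile", "compile"}

# Assumed location of project scripts inside an Ignition 8 project export.
SCRIPT_PATH_PREFIX = "ignition/script-python/"

Finding = Tuple[int, str]  # (line number, module or builtin name)


def extract_imports(source: str) -> Tuple[List[Finding], List[Finding]]:
    """Return (imports, dynamic_loads) found in a script.

    Works on tokens rather than the AST so that Jython 2.7 (Python 2)
    constructs such as the print statement do not abort the scan.
    """
    imports: List[Finding] = []
    dynamic: List[Finding] = []
    state = None       # None | "import" | "from" | "from_rest"
    want_name = False  # in "import": the next NAME is a module, not an alias
    for ttype, text, (line, _), _, _ in tokenize.generate_tokens(
            io.StringIO(source).readline):
        if ttype == tokenize.NAME and text in DYNAMIC_LOADERS:
            dynamic.append((line, text))
        if ttype in (tokenize.NEWLINE, tokenize.ENDMARKER):
            state = None  # logical line finished
            continue
        if state is None:
            if ttype == tokenize.NAME and text in ("import", "from"):
                state, want_name = text, True
        elif state == "import":
            if ttype == tokenize.NAME and want_name:
                imports.append((line, text))  # top-level of a dotted name
                want_name = False
            elif ttype == tokenize.OP and text == ",":
                want_name = True
        elif state == "from":
            if ttype == tokenize.NAME:
                # "from . import x" reaches "import" before any module name
                imports.append((line, "." if text == "import" else text))
                state = "from_rest"  # ignore the imported names
    return imports, dynamic


def audit_script(source: str, allowed=ALLOWED_MODULES) -> List[str]:
    """Return human-readable findings; an empty list means the script passes."""
    try:
        imports, dynamic = extract_imports(source)
    except tokenize.TokenError as exc:
        return [f"could not tokenize script ({exc}); reject for manual review"]
    findings = [f"line {line}: import of '{module}' not on allow-list"
                for line, module in imports if module not in allowed]
    findings += [f"line {line}: runtime code loading via '{name}'"
                 for line, name in dynamic]
    return findings


def audit_project_export(export) -> Dict[str, List[str]]:
    """Scan every script resource in a project export (path or file-like).

    Returns {resource_path: findings} only for resources with findings,
    so an empty dict means the whole export passed the policy.
    """
    report: Dict[str, List[str]] = {}
    with zipfile.ZipFile(export) as zf:
        for name in zf.namelist():
            if name.startswith(SCRIPT_PATH_PREFIX) and name.endswith("/code.py"):
                findings = audit_script(zf.read(name).decode("utf-8", "replace"))
                if findings:
                    report[name] = findings
    return report


# Constructed sample: a typical gateway tag-change script.
BENIGN_SCRIPT = '''# reads a line speed tag and logs it
import system
from math import floor
value = system.tag.readBlocking(["[default]Line1/Speed"])[0].value
print "speed", floor(value)
'''

# Constructed sample shaped like the upload the advisory describes
# (imports only; no listener or process-spawning body is included).
SUSPICIOUS_SCRIPT = '''# "maintenance" script with bind-shell style imports
import socket, subprocess
from java.lang import Runtime
import os as _o
__import__("threading")
# ... listener and process-spawning body elided ...
'''


def build_sample_export() -> io.BytesIO:
    """Constructed in-memory stand-in for a project export holding both scripts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(SCRIPT_PATH_PREFIX + "LineMonitor/code.py", BENIGN_SCRIPT)
        zf.writestr(SCRIPT_PATH_PREFIX + "Maintenance/code.py", SUSPICIOUS_SCRIPT)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for resource, findings in audit_project_export(build_sample_export()).items():
        print(resource)
        for finding in findings:
            print("   ", finding)
```

A static import check is a gate, not a sandbox: a script that passes it still runs with the Gateway process's privileges, so the companion fix is running the Gateway service under a dedicated account with only the rights it needs rather than SYSTEM.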
Affected Products
- Inductive Automation Ignition (vendor: Inductive Automation)