Description
A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code.
Published: 2026-03-12
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A privileged Ignition user can import an external file containing specially crafted payload, resulting in execution of embedded malicious code. This deserialization flaw allows an attacker with import privileges to run arbitrary code on the Ignition gateway. The weakness is identified as CWE‑502 (Deserialization of Untrusted Data).

Affected Systems

Inductive Automation Ignition Software, specifically versions 8.1.x. The vulnerability is fixed by upgrading to version 8.3.0 or later. Vendors have issued a solution recommending this upgrade.

Risk and Exploitability

The CVSS score is 5.4, indicating a medium severity vulnerability. The EPSS score is below 1%, suggesting the likelihood of exploitation is currently low, and it is not listed in the CISA KEV catalog. The attack vector is inferred as a local privilege escalation scenario, where an attacker must have import rights within the Ignition gateway to exploit the flaw. Because the exploit requires privileged user access, the risk to systems without such access is reduced, but any environment with the ability to import untrusted projects remains at risk.

Generated by OpenCVE AI on March 17, 2026 at 17:01 UTC.

Remediation

Vendor Solution

Upgrade Ignition software from 8.1.x to 8.3.0 or greater.

Vendor Workaround

MITIGATION (8.1.x Linux). Implement Ignition Security Hardening Guide Appendix A. https://inductiveautomation.com/resources/article/ignition-security-hardening-guide

OpenCVE Recommended Actions

  • Upgrade Ignition software to version 8.3.0 or greater (official solution).
  • Apply the provided workaround by following the Ignition Security Hardening Guide Appendix A for Linux and Windows, including creating a dedicated local service account, restricting file system access, and enforcing strong credential management.
  • Restrict project imports to verified and trusted sources only, using checksums or digital signatures.
  • Use separated environments (Dev, Test, Prod) with a staging workflow to prevent new data from entering production immediately.
  • Where feasible, isolate Ignition gateways from corporate resources and Windows domains, configure the service account with the least privileges, and consider deploying Ignition within hardened or containerized environments.

Generated by OpenCVE AI on March 17, 2026 at 17:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
Description If an Ignition user imports an external file with a specially crafted payload, it could execute embedded malicious code during deserialization. A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code.

Mon, 16 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Description Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure that may allow an attacker to remotely change the "forgot password" recovery email address. If an Ignition user imports an external file with a specially crafted payload, it could execute embedded malicious code during deserialization.

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Inductiveautomation
Inductiveautomation ignition
Vendors & Products Inductiveautomation
Inductiveautomation ignition

Thu, 12 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Description Inductive Automation Ignition Software is vulnerable to an unauthenticated API endpoint exposure that may allow an attacker to remotely change the "forgot password" recovery email address.
Title Inductive Automation Ignition Software Deserialization of Untrusted Data
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 5.4, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}

Subscriptions

Inductiveautomation Ignition
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-03-17T15:29:47.962Z

Reserved: 2025-12-02T17:43:55.964Z

Link: CVE-2025-13913

cve-icon Vulnrichment

Updated: 2026-03-12T19:06:39.250Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-12T19:16:14.250

Modified: 2026-03-17T16:16:17.210

Link: CVE-2025-13913

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:48:35Z

Weaknesses