Inductive Automation Ignition

MonitorCVSS 6.4ICS-CERT ICSA-25-352-01Dec 18, 2025

Inductive Automation

Attack path

Attack VectorAdjacent

Auth RequiredHigh

ComplexityHigh

User InteractionNone needed

Summary

A vulnerability in Inductive Automation Ignition 8.1.x and 8.3.x allows an attacker to gain SYSTEM-level code execution on the Windows host running the Ignition Gateway service.

What this means

What could happen

An attacker with specific privileges on a Windows system could execute arbitrary commands with SYSTEM privileges on the Ignition Gateway host, potentially allowing them to modify process data, alter control logic, or disrupt manufacturing operations.

Who's at risk

Organizations running Inductive Automation Ignition 8.1.x or 8.3.x as their manufacturing HMI/SCADA gateway on Windows systems—particularly food & beverage processing plants, pharmaceutical manufacturers, chemical facilities, and discrete manufacturers using Ignition for real-time process monitoring and control—should treat this as a critical control system risk due to the lack of vendor patch availability.

How it could be exploited

An attacker with administrative or elevated user privileges on the Windows system running Ignition Gateway could exploit this vulnerability to escalate to SYSTEM-level code execution, then control or manipulate the gateway's operations and the industrial processes it manages.

Prerequisites

Administrative or elevated user privileges on the Windows system hosting Ignition Gateway
Local access to the Windows system or remote access via a legitimate admin account
Ignition Gateway service running on Windows with versions 8.1.x or 8.3.x

low complexityhigh privilege requiredno patch availableaffects control system operationslocal/adjacent network access required

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (1)

ProductAffected VersionsFix Status

Ignition: 8.1.x|8.3.x8.1.x|8.3.xNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGIsolate Ignition Gateway systems on a segregated network segment with strict firewall rules limiting access to only authorized engineering workstations and field devices that require gateway connectivity

HARDENINGRestrict administrative and privileged user access to Windows systems running Ignition Gateway; remove unnecessary admin accounts and enforce strong multi-factor authentication for any remaining privileged accounts

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXPlan migration from Ignition 8.1.x or 8.3.x to a patched or newer version not subject to this vulnerability; coordinate with operations to schedule downtime for the upgrade

HARDENINGImplement host-based monitoring and logging on Windows systems running Ignition Gateway to detect unauthorized SYSTEM-level process execution or code execution attempts

CVEs (1)

CVE-2025-13911

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/9cdff533-a3fd-40a8-bf4d-2e1d806890cc

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.