Inductive Automation Ignition Software

CVSS 6.3 | ICS-CERT ICSA-26-071-06 | Mar 12, 2026
Inductive Automation
Attack path
  • Attack Vector: Adjacent
  • Auth Required: High
  • Complexity: High
  • User Interaction: Required
Summary

A vulnerability in Inductive Automation Ignition versions prior to 8.3.0 allows an authenticated, privileged application user to execute malicious code with the permissions of the OS service account running the Ignition process. This occurs through improper handling of project imports or configuration changes (CWE-502 deserialization). The vulnerability is fixed in version 8.3.0; earlier versions require either upgrade or implementation of hardening controls to restrict the service account permissions and limit project import sources.

What this means
What could happen
An authenticated, privileged Ignition user could inadvertently trigger code execution with the permissions of the service account, potentially allowing manipulation of production processes or data. This impact depends on whether the service account has been properly restricted through hardening steps.
Who's at risk
Manufacturing, water utilities, and power distribution sites using Inductive Automation Ignition as an HMI/SCADA development and runtime platform should care about this. Anyone running Ignition 8.1.x or earlier and relying on it to manage process setpoints, tank levels, valve states, or other critical operations is at risk if the service account has not been properly hardened.
How it could be exploited
An attacker or malicious Ignition user with designer/admin credentials could craft a malicious project or configuration that, when processed by Ignition, executes arbitrary code with the OS service account privileges. The attack requires existing authentication and interaction by a privileged user.
Prerequisites
  • Valid Ignition Designer or Config Page (8.1.x) / Config Write (8.3.x) credentials
  • Ignition version 8.1.x or earlier
  • Service account running Ignition with excessive OS-level permissions
  • Requires valid credentials (not no-auth)
  • High complexity (requires user interaction or a malicious project)
  • Service account privilege escalation risk if hardening is not applied
  • Can execute arbitrary code on the gateway host
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product            Affected Versions   Fix Status
Ignition Software  <8.3.0              8.3.0
Remediation & Mitigation
Do now
HARDENING: For Ignition 8.1.x Windows deployments: Create a dedicated local service account with no group memberships (not a domain account), remove Administrator rights, and restrict file system permissions to only the Ignition installation directory
HARDENING: For Ignition 8.1.x Linux deployments: Implement Ignition Security Hardening Guide Appendix A
WORKAROUND: Restrict Ignition project imports to verified and trusted sources only; use checksums or digital signatures to validate projects before import
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Ignition software to version 8.3.0 or later
HARDENING: Enforce MFA and strong credential management for all Ignition users with Designer permissions (8.1.x) or Config Write permissions (8.3.x)
Long-term hardening
HARDENING: Segment Ignition gateways from corporate networks and the Windows Domain; use staging/dev/test environments before deploying to production
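As an added example of the project-import workaround listed above (this is not code from the OTPulse advisory or from Inductive Automation): a pre-import gate that checks a project export against an HMAC-signed allowlist of SHA-256 digests, so that a file not on the list, a file whose bytes changed, or an allowlist edited after it was signed are all refused before Ignition ever parses the file. The file names, the manifest layout and the key are assumptions for the example.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

# Constructed key for this example; in practice held by the change/release
# process, never by the gateway or the person performing the import.
MANIFEST_KEY = b"example-key-held-by-release-process"

def sha256_file(path) -> str:
    """Stream a project export through SHA-256 (exports can be large)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def sign_manifest(approved: dict, key: bytes = MANIFEST_KEY) -> dict:
    """Wrap {file name: sha256} in an HMAC so the allowlist itself cannot be edited."""
    body = json.dumps(approved, sort_keys=True).encode()
    return {"files": approved, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify_before_import(path, manifest: dict, key: bytes = MANIFEST_KEY):
    """Gate to run before handing a project export to Ignition. Returns (allowed, reason)."""
    body = json.dumps(manifest.get("files", {}), sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest.get("mac", "")):
        return False, "manifest MAC invalid; refusing every import"
    name = Path(path).name
    approved = manifest["files"].get(name)
    if approved is None:
        return False, f"{name} is not on the approved list"
    if not hmac.compare_digest(sha256_file(path), approved):
        return False, f"{name} content does not match the approved digest"
    return True, f"{name} verified"

def demo() -> list:
    """Constructed scenario: trusted export, tampered copy with the same name, edited manifest."""
    trusted = Path(tempfile.mkdtemp()) / "plant_hmi.zip"
    trusted.write_bytes(b"PK\x03\x04 constructed trusted export")
    manifest = sign_manifest({"plant_hmi.zip": sha256_file(trusted)})
    tampered = Path(tempfile.mkdtemp()) / "plant_hmi.zip"  # same name, different bytes
    tampered.write_bytes(b"PK\x03\x04 constructed tampered export")
    # Allowlist edited after signing: the MAC no longer matches, so nothing is imported.
    edited = {"files": {**manifest["files"], "other.zip": "00" * 32}, "mac": manifest["mac"]}
    return [verify_before_import(p, m)[0]
            for p, m in ((trusted, manifest), (tampered, manifest), (trusted, edited))]
```

Run the gate on the operator workstation or a staging gateway, not on the production gateway, and keep the signing key with the change process so a Designer-level account cannot re-sign the allowlist.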


Inductive Automation Ignition Software | CVSS 6.3 - OTPulse