Inductive Automation Ignition Execution with Unnecessary Privileges_CVE-2025-13911

6.4 / 10

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

The vulnerability affects Ignition SCADA applications where Python
scripting is utilized for automation purposes. The vulnerability arises
from the absence of proper security controls that restrict which Python
libraries can be imported and executed within the scripting environment.
The core issue lies in the Ignition service account having system
permissions beyond what an Ignition privileged user requires. When an
authenticated administrator uploads a malicious project file containing
Python scripts with bind shell capabilities, the application executes
these scripts with the same privileges as the Ignition Gateway process,
which typically runs with SYSTEM-level permissions on Windows.
Alternative code execution patterns could lead to similar results.

Basic Information

ID CVE-2025-13911

Source icscert

Published Dec 18, 2025 at 20:24

Affected Product

Vendor Inductive Automation

Product Ignition

Version 8.1.x

Affected Versions Inductive Automation Ignition 8.1.x
Inductive Automation Ignition 8.3.x

CWE Classification

CWE-250

References

{
    "lastseen": "",
    "description": "The vulnerability affects Ignition SCADA applications where Python \nscripting is utilized for automation purposes. The vulnerability arises \nfrom the absence of proper security controls that restrict which Python \nlibraries can be imported and executed within the scripting environment.\n The core issue lies in the Ignition service account having system \npermissions beyond what an Ignition privileged user requires. When an \nauthenticated administrator uploads a malicious project file containing \nPython scripts with bind shell capabilities, the application executes \nthese scripts with the same privileges as the Ignition Gateway process, \nwhich typically runs with SYSTEM-level permissions on Windows. \nAlternative code execution patterns could lead to similar results.",
    "published": "2025-12-18T20:24:30.118Z",
    "modified": "2025-12-18T20:24:30.118Z",
    "type": "cve",
    "title": "Inductive Automation Ignition Execution with Unnecessary Privileges",
    "source": "icscert",
    "references": "https://security.inductiveautomation.com/\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-352-01\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-01.json",
    "id": "CVE-2025-13911",
    "bulletinFamily": "",
    "cwe": [
        "CWE-250"
    ],
    "cvelist": null,
    "sourceData": "Inductive Automation Ignition 8.1.x\nInductive Automation Ignition 8.3.x",
    "sourceHref": "",
    "cvss": {
        "score": 6.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Ignition",
    "version": "8.1.x",
    "vendor": "Inductive Automation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}