IM
IronMonkey Threat Research

CVE-2025-13911 HIGH

Published: 2025-12-18 | Last Modified: 2026-04-15 | Status: Deferred

Description

The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issue lies in the Ignition service account having system permissions beyond what an Ignition privileged user requires. When an authenticated administrator uploads a malicious project file containing Python scripts with bind shell capabilities, the application executes these scripts with the same privileges as the Ignition Gateway process, which typically runs with SYSTEM-level permissions on Windows. Alternative code execution patterns could lead to similar results.

CVSS Metrics

Base Score: 6.4 (MEDIUM)

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack VectorADJACENT_NETWORK
Attack ComplexityHIGH
Privileges RequiredHIGH
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: [email protected]

Type: Secondary

Exploitability Score: 0.5

Impact Score: 5.9

Base Score: 7.3 (HIGH)

CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack VectorADJACENT
Attack ComplexityHIGH
Attack RequirementsNONE
Privileges RequiredHIGH
User InteractionNONE
Vulnerability ConfidentialityHIGH
Vulnerability IntegrityHIGH
Vulnerability AvailabilityHIGH
Subsequent ConfidentialityNONE
Subsequent IntegrityNONE
Subsequent AvailabilityNONE

Source: [email protected]

Type: Secondary

Weaknesses

Source Type Description
[email protected] Primary
en CWE-250
Notification
Message here