| CVE ID | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2025-13911 | 6.4 | medium |
Ignition by Inductive Automation, when installed with default OS service account settings, may expose the host system to an elevated code execution risk via the gateway backup restore functionality. An authenticated user with Gateway Administrator privileges can import a malicious gateway backup (.gwbk) file containing crafted project resources, scripts, or modules, resulting in code execution on the host system. This affects both Windows and Linux installations. On Windows, default installations often run the Ignition service as NT AUTHORITY\SYSTEM, resulting in code execution with full local system privileges. On Linux, default installations commonly run the Ignition service as root or with elevated privileges. Specific privilege level depends on installation configuration.
|
| Vendor | Product | Asset Type | Purdue Level | Firmware |
|---|---|---|---|---|
| Inductive Automation | Unknown | hmi |
L2
|
7.7.2 |