IM
IronMonkey Threat Research
‹ Back to ICS Advisories

Inductive Automation Ignition (Update A)

MEDIUM
CVSS 6.4
Date 2026-07-14T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation of this vulnerability could allow an attacker to be granted direct SYSTEM-level code execution on the host operating system running the Ignition Gateway service on Windows systems.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2025-13911 6.4 medium
Ignition by Inductive Automation, when installed with default OS service account settings, may expose the host system to an elevated code execution risk via the gateway backup restore functionality. An authenticated user with Gateway Administrator privileges can import a malicious gateway backup (.gwbk) file containing crafted project resources, scripts, or modules, resulting in code execution on the host system. This affects both Windows and Linux installations. On Windows, default installations often run the Ignition service as NT AUTHORITY\SYSTEM, resulting in code execution with full local system privileges. On Linux, default installations commonly run the Ignition service as root or with elevated privileges. Specific privilege level depends on installation configuration.

// Affected Products (1)

Vendor Product Asset Type Purdue Level Firmware
Inductive Automation Unknown hmi
L2
7.7.2

// Remediations (3)

Mitigation: For more information and updates, users should refer to Inductive Automation's Trust Portal.
For more information and updates, users should refer to Inductive Automation's Trust Portal.
Patch: Mitigation guidance covering OS-level service account hardening for both Windows and Linux is availa
Mitigation guidance covering OS-level service account hardening for both Windows and Linux is available in Annex A of the Ignition Security Hardening Guide. Application-level controls under a default installation are in development.
Mitigation: Inductive Automation encourages users to do the following in order to reduce the risk of this vulner
Inductive Automation encourages users to do the following in order to reduce the risk of this vulnerability:

// References