Inductive Automation Ignition Software
Summary
Inductive Automation Ignition Software versions prior to 8.3.0 are affected by a deserialization vulnerability (CVE-2025-13913). Successful exploitation allows an attacker to execute malicious code with the permissions of the OS application service account by importing a specially crafted external file.
IFF Assessment
The vulnerability allows for unauthorized code execution with elevated privileges, posing a significant risk to the integrity and availability of industrial control systems.
Severity
Defender Context
Defenders should prioritize upgrading affected Inductive Automation Ignition Software installations to version 8.3.0 or later. For systems that cannot be upgraded immediately, implementing the vendor's security hardening guides and ensuring proper access controls for user accounts that import files are crucial.