← voltar
CVE-2025-13913

Inductive Automation Ignition Software Deserialization of Untrusted Data

CVSS 5.4 MEDIUMEPSS 0.3%CWE-502
A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code.
CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Produtos afetados
Inductive Automation · Ignition Software

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-071-06.jsonhttps://inductiveautomation.com/resources/article/ignition-security-hardening-guidehttps://www.cisa.gov/news-events/ics-advisories/icsa-26-071-06