CVE-2025-13913

Published: Mar 12, 2026Modified: Jun 5, 2026

5.4

Vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: ics-cert@hq.dhs.gov (Secondary)

Description

A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code.

Affected (1)

Products: Inductiveautomation: Ignition

Inductiveautomation

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Inductiveautomation Ignition	Before 8.3.0

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (3)

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-071-06.json

Source: ics-cert@hq.dhs.gov

Issue Tracking

https://inductiveautomation.com/resources/article/ignition-security-hardening-guide

Source: ics-cert@hq.dhs.gov

Issue Tracking

https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-06

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

Timeline

No history available yet.