Inductive Automation Ignition vulnerabilities

CVE-2025-13911 [HIGH] CWE-250 CVE-2025-13911: The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automa The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issue lies in the Ignition service account having system per

CVE-2023-39475 [CRITICAL] CWE-502 CVE-2023-39475: Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Da Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw

CVE-2023-39476 [CRITICAL] CWE-502 CVE-2023-39476: Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code E Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within t

CVE-2023-38121 [CRITICAL] CWE-79 CVE-2023-38121: Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnera Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open

CVE-2023-50222 [HIGH] CWE-502 CVE-2023-50222: Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote C Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a

CVE-2023-50221 [HIGH] CWE-502 CVE-2023-50221: Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Re Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connec

CVE-2023-50233 [HIGH] CWE-22 CVE-2023-50233: Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerabil Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The s

CVE-2023-38123 [HIGH] CWE-306 CVE-2023-38123: Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authe Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a ma

CVE-2023-50223 [HIGH] CWE-502 CVE-2023-50223: Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Ex Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Extend

CVE-2023-38124 [HIGH] CWE-749 CVE-2023-38124: Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the

CVE-2023-38122 [HIGH] CWE-942 CVE-2023-38122: Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Executi Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism c

CVE-2023-50232 [HIGH] CWE-88 CVE-2023-50232: Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific f

CVE-2023-50218 [HIGH] CWE-502 CVE-2023-50218: Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution V Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the ModuleInvoke cl

CVE-2023-50219 [HIGH] CWE-502 CVE-2023-50219: Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulne Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the RunQuery class. The

CVE-2023-50220 [HIGH] CWE-502 CVE-2023-50220: Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Base64Element c

CVE-2023-39477 [HIGH] CWE-400 CVE-2023-39477: Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of

CVE-2023-39473 [HIGH] CWE-502 CVE-2023-39473: Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Abstr

CVE-2023-39474 [HIGH] CWE-494 CVE-2023-39474: Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vuln Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw

CVE-2023-39472 [MEDIUM] CWE-611 CVE-2023-39472: Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Simpl

CVE-2022-1704 [CRITICAL] CWE-611 CVE-2022-1704: Due to an XML external entity reference, the software parses XML in the backup/restore functionality Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup.