PatchSiren cyber security CVE debrief
CVE-2025-13913 Inductive Automation CVE debrief
CVE-2025-13913 is a medium-severity issue in Inductive Automation Ignition Software <8.3.0 where a privileged user importing an external file can trigger embedded malicious code during deserialization. CISA published the advisory on 2026-03-12 and issued a minor revision on 2026-03-13 to correct a reference typo. The supplied CVSS 3.1 vector is AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H, reflecting a prerequisite-heavy attack that still carries high potential impact if a privileged import workflow is abused.
- Vendor: Inductive Automation
- Product: Ignition Software
- CVSS: MEDIUM 6.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-12
- Original CVE updated: 2026-03-13
- Advisory published: 2026-03-12
- Advisory updated: 2026-03-13
Who should care
Administrators and operators of Ignition gateways, especially those who allow privileged users to import projects or other external files. OT/ICS security teams, identity and access managers, and anyone responsible for patching or hardening Ignition deployments should prioritize review.
Technical summary
According to the CISA CSAF advisory, the weakness affects Ignition Software versions below 8.3.0. A privileged Ignition user, intentionally or otherwise, imports an external file containing a specially crafted payload; during deserialization, the payload can execute malicious code. CISA maps the issue to CWE-502 (Deserialization of Untrusted Data). The advisory’s CVSS 3.1 vector (AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) indicates the attack requires adjacent access, high privileges, and user interaction, but can impact confidentiality, integrity, and availability if successful.
Defensive priority
Medium, with elevated urgency in production OT environments that use privileged import workflows or allow broad designer/configuration access.
Recommended defensive actions
- Upgrade Ignition software from 8.1.x to 8.3.0 or later.
- Restrict project imports to verified, trusted sources only, ideally using checksums or digital signatures.
- Use separate Dev/Test/Prod environments so new data is never introduced directly into production.
- Apply the Ignition Security Hardening Guide Appendix A for 8.1.x deployments, including service-account and filesystem restrictions on Linux and Windows.
- When feasible, segment or isolate Ignition gateways from corporate resources and Windows domains.
- Enforce strong credential management and MFA for users with Designer permissions, Config Page permissions, and Config Write permissions where applicable.
- Deploy Ignition in hardened or containerized environments when feasible.
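One way to implement the checksum gate in the second action above, as an added example that is not Inductive Automation code and not part of the advisory. It assumes a `sha256sum`-style manifest produced on a trusted build host; the file and function names are illustrative.

```python
"""Pre-import checksum gate (added example; not Inductive Automation code).

Assumes a manifest generated by `sha256sum` on the trusted build host, one line
per approved export: "<64 hex chars>  <filename>". A file whose name is absent
from the manifest, or whose digest does not match, is rejected before it is
handed to a privileged user for import into the gateway.
"""
import hashlib
import hmac
import os
from typing import Dict, Tuple

CHUNK = 1 << 20  # hash 1 MiB at a time so large exports are not read into memory


def load_manifest(path: str) -> Dict[str, str]:
    """Parse sha256sum-style lines into {basename: lowercase hex digest}."""
    approved: Dict[str, str] = {}
    with open(path, "r", encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            digest, _, name = line.partition(" ")
            name = name.strip().lstrip("*")  # sha256sum marks binary mode with '*'
            try:
                int(digest, 16)
            except ValueError:
                raise ValueError(f"malformed digest on manifest line {lineno}")
            if len(digest) != 64 or not name:
                raise ValueError(f"malformed manifest line {lineno}")
            approved[os.path.basename(name)] = digest.lower()
    return approved


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def check_import(path: str, approved: Dict[str, str]) -> Tuple[bool, str]:
    """Return (allowed, reason). Only allow-listed files with matching digests pass."""
    name = os.path.basename(path)
    expected = approved.get(name)
    if expected is None:
        return False, f"{name}: not in approved-export manifest"
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, expected):
        return False, f"{name}: digest mismatch (file altered or wrong build)"
    return True, f"{name}: digest matches manifest"
```

Run the gate on a staging host before the export is made available to anyone holding Designer or Config Write permissions, and log the rejection reason so tampered files leave an audit trail.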
Evidence notes
This debrief is grounded in the CISA CSAF advisory ICSA-26-071-06 (source item) and the linked CISA/CVE references. The advisory was initially published on 2026-03-12 and revised on 2026-03-13 only to fix a typo in the advisory ID reference. The source explicitly names Inductive Automation Ignition Software <8.3.0, describes malicious code execution during deserialization after importing a specially crafted external file, and identifies CWE-502. No KEV entry was included in the supplied corpus.
Official resources
- CVE-2025-13913 CVE record (CVE.org)
- CVE-2025-13913 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published ICSA-26-071-06 for CVE-2025-13913 on 2026-03-12 and revised it on 2026-03-13 for a reference typo correction. The advisory covers Inductive Automation Ignition Software <8.3.0 and recommends upgrading to 8.3.0 or later plus a