CVE-2025-13911

Name of the Vulnerable Software and Affected Versions Ignition SCADA applications (affected versions not specified)

Description The issue concerns Ignition SCADA applications utilizing Python scripting for automation. A lack of security controls regarding Python library imports and execution allows for potentially dangerous operations. The Ignition service account possesses excessive system permissions. Uploading a malicious project file containing Python scripts with bind shell capabilities allows an authenticated administrator to execute code with SYSTEM-level privileges on Windows. Alternative code execution patterns could also lead to similar outcomes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.