ignition gateway

About this tag
The ignition gateway tag covers discussions about Inductive Automation's Ignition platform, specifically focusing on security vulnerabilities affecting the Ignition Gateway service on Windows. Recent content highlights CVE-2025-13911, a privilege escalation issue where an authenticated administrator can upload a malicious project containing Python scripts that execute with Gateway service account privileges, potentially leading to SYSTEM-level code execution on Windows. The vulnerability affects Ignition 8.1.x and 8.3.x releases and is scored at CVSS 6.4. Topics include mitigation strategies, the technical details of the attack chain, and the implications for enterprise IT environments running Ignition on Windows servers.
  1. Mitigating CVE-2025-13911: Ignition Gateway Privilege Escalation on Windows

    Inductive Automation’s Ignition platform is the subject of a fresh, high‑impact advisory that warns an authenticated administrator can upload a malicious project containing Python scripts (Jython) which the Ignition Gateway executes with the Gateway service account privileges — and on Windows...