Trust Center
Welcome to the Inductive Automation Trust Portal
Thousands of companies worldwide depend on Ignition
- See Founder’s Message and Company Leadership
- Customers, Case Studies, Projects, Discover Gallery
- SDLC guide. (Duo/CrowdStrike) case studies
- ** Subscribe to Trust Center Updates ** (below)
- Vuls/contact: security@inductiveautomation.com (PGP)
CVE-2025-13911 (Ignition Windows Default)
If you noticed Ignition CVE-2025-13911, you're probably wondering what this means for you.
The default Ignition installation on Windows grants greater operating system permissions than is needed in most cases. An Ignition administrator importing malicious project resources could lead to a system level compromise or other significant effects.
This Tech Advisory contains more information. Steps #1-#3 correct the issue. The Ignition Security Hardening Guide has been updated with “Appendix A - Restrict the Ignition Service Security” with additional recommendations.
Feel free to reach out to Inductive Automation if you have any additional questions.
OpenSSL CVE‑2025‑15467 (Ignition NOT affected)
Ignition software is not affected by CVE‑2025‑15467, an OpenSSL vulnerability. While Ignition 8.3.3 and 8.1.52 include OpenSSL related dependencies within the Siemens Enhanced Driver and IEC 61850 Driver modules, these modules do not use OpenSSL in a manner that is exposed to the vulnerability.
As a general security best practice, Inductive Automation recommends uninstalling Ignition software modules that are not in use.
Customers should continue to follow the guidance in the Ignition Security Hardening Guide, including maintaining network segmentation between users and PLCs or OT devices accessed through Ignition drivers.
Questions or concerns may be directed to security@inductiveautomation.com.
CVE‑2025‑55182 (critical React server components vulnerability)
Inductive Automation has verified that CVE‑2025‑55182 (critical React server components vulnerability) does not impact Ignition software, including transitive dependencies. All versions of Ignition and supporting infrastructure are confirmed to be secure.
Shai-Hulud Malware Update (No Threat)
Inductive Automation is not affected by Shai-Hulud related malware activity. Our Software Development Lifecycle includes thorough vetting processes including pinning dependencies. A security team and automated tools are actively monitoring potential impact to Ignition and the software repository.
This attack does not target end users directly. Customers are advised to adhere to the Ignition Security Hardening Guide for best practices. Contact security@inductiveautomation.com with specific questions or concerns.
Trust Portal Updates
The IA Security and Trust Portal content has been recently updated to proactively share information. This includes badges for ISO 9001 (Quality) and IEC 62443 (Secure Software Development) certification with downloadable pdf certificates. ISO 27001 (Information Security) and ISO 14001 (Environmental Management) work is underway, with a downloadable letter of commitment for certification in 2026 from our consultant. A 21 CFR Part 11 badge includes an informational guide for using Ignition in pharmaceutical, Life Sciences, or regulated spaces.
Please contact security@inductiveautomation.com with portal update requests.