CVE-2023-38123

8.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to bypass authentication in Inductive Automation Ignition OPC UA Quick Client by exploiting missing authentication on password change functionality. Attackers can gain unauthorized access when users visit malicious pages or open malicious files. This affects all installations using vulnerable versions of Ignition.

💻 Affected Systems

Products:
  • Inductive Automation Ignition OPC UA Quick Client
Versions: prior to 8.1.30
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations with OPC UA Quick Client enabled. User interaction required (visiting malicious page or opening malicious file).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to change passwords, gain administrative access, and potentially execute arbitrary code on Ignition servers.

🟠 Likely Case

Unauthorized access to Ignition systems allowing data theft, configuration changes, and disruption of industrial control operations.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external exploitation.

🌐 Internet-Facing: HIGH - Remote exploitation possible via malicious pages/files, though user interaction required.
🏢 Internal Only: HIGH - Internal attackers or compromised internal systems can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is technically simple once the malicious payload is delivered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.1.30 and later

Vendor Advisory: https://inductiveautomation.com/blog/inductive-automation-participates-in-pwn2own-to-strengthen-ignition-security

Restart Required: Yes

Instructions:

1. Download Ignition version 8.1.30 or later from the Inductive Automation portal.
2. Back up the current installation.
3. Run the installer to upgrade.
4. Restart Ignition services.

🔧 Temporary Workarounds

Disable OPC UA Quick Client

all

Remove or disable the vulnerable OPC UA Quick Client component if not required for operations.

Navigate to Ignition Gateway > Config > OPC UA > Quick Client > Disable

Network Segmentation

all

Isolate Ignition systems from untrusted networks and implement strict firewall rules.

Configure firewall to block external access to Ignition ports (typically 8060, 8043)

🧯 If You Can't Patch

  • Implement strict user awareness training to prevent opening malicious files/links
  • Deploy application whitelisting to prevent execution of unauthorized scripts

🔍 How to Verify

Check if Vulnerable:

Check Ignition version in Gateway webpage or via command: java -jar ignition.jar --version

Check Version:

java -jar ignition.jar --version

Verify Fix Applied:

Verify version is 8.1.30 or higher and OPC UA Quick Client authentication is enforced

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized password change attempts
  • OPC UA Quick Client authentication failures
  • Unexpected user privilege changes

Network Indicators:

  • Unusual OPC UA traffic patterns
  • Authentication bypass attempts to Ignition ports

SIEM Query:

source="ignition" AND (event_type="auth_failure" OR event_type="password_change")
