CVE-2023-50233

8.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Inductive Automation Ignition installations by exploiting a directory traversal flaw in the getJavaExecutable method. Attackers can trick users into connecting to malicious servers, leading to code execution in the context of the current user. All affected Ignition installations are vulnerable.

💻 Affected Systems

Products:
  • Inductive Automation Ignition
Versions: Prior to 8.1.34 and 9.0.10
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the Ignition service account, potentially leading to data theft, lateral movement, or ransomware deployment.

🟠 Likely Case

Remote code execution allowing attackers to install malware, create backdoors, or exfiltrate sensitive industrial control system data.

🟢 If Mitigated

Limited impact if network segmentation prevents external connections and users are trained not to connect to untrusted servers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (connecting to malicious server) but the technical complexity of the directory traversal is relatively low.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Ignition 8.1.34 and 9.0.10

Vendor Advisory: https://security.inductiveautomation.com/?tcuUid=fc4c4515-046d-4365-b688-693337449c5b

Restart Required: Yes

Instructions:

1. Download Ignition 8.1.34 or 9.0.10 from the Inductive Automation website.
2. Back up your current installation.
3. Run the installer to upgrade.
4. Restart the Ignition service.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict Ignition servers from initiating outbound connections to untrusted networks.

User Training

all

Train operators and administrators to only connect to trusted Ignition servers.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Ignition systems from untrusted networks
  • Deploy application allowlisting to prevent execution of unauthorized binaries

🔍 How to Verify

Check if Vulnerable:

Check the Ignition version via the Gateway Web Interface or with the ignition-gateway --version command.

Check Version:

ignition-gateway --version

Verify Fix Applied:

Verify version is 8.1.34 or higher for Ignition 8.x, or 9.0.10 or higher for Ignition 9.x.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Java process executions
  • File operations outside expected directories
  • Connection attempts to unknown servers

Network Indicators:

  • Outbound connections from Ignition to unfamiliar IP addresses
  • Unusual traffic patterns during Java executable retrieval

SIEM Query:

source="ignition" AND (event="java_executable" OR event="file_access") AND path="*..*"
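
The wildcard path="*..*" in the query above also matches harmless names such as notes..txt and misses percent-encoded or backslash-separated traversal. The following added example (not part of the original page or of any vendor tooling) decodes and resolves the path before deciding. The record layout, the sample records and the EXPECTED_BASE directory are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

# Event names come from the page's SIEM query; the record layout is an assumption.
WATCHED_EVENTS = {"java_executable", "file_access"}
EXPECTED_BASE = "/placeholder/runtime"  # placeholder, not a real Ignition path


def decode(path, max_rounds=3):
    """Undo nested percent-encoding and unify path separators."""
    for _ in range(max_rounds):
        nxt = unquote(path)
        if nxt == path:
            break
        path = nxt
    return path.replace("\\", "/")


def triage(record, base=EXPECTED_BASE):
    """Return the reasons a log record deserves analyst attention."""
    if record.get("source") != "ignition" or record.get("event") not in WATCHED_EVENTS:
        return []
    path = decode(record.get("path", ""))
    reasons = []
    # A real traversal has '..' as a whole segment, not as part of a file name.
    if ".." in path.split("/"):
        reasons.append("dotdot-segment")
    # Resolve against the expected directory and test containment.
    resolved = posixpath.normpath(posixpath.join(base, path))
    if resolved != base and not resolved.startswith(base + "/"):
        reasons.append("outside-base")
    return reasons


# Constructed sample records (not real Ignition log output).
SAMPLES = [
    {"source": "ignition", "event": "java_executable", "path": "jre/bin/java"},
    {"source": "ignition", "event": "file_access", "path": "notes..txt"},
    {"source": "ignition", "event": "java_executable", "path": "../../tmp/x/java"},
    {"source": "ignition", "event": "java_executable", "path": "%2e%2e%5c%2e%2e%5ctmp%5cjava"},
    {"source": "ignition", "event": "file_access", "path": "/tmp/other/java"},
    {"source": "other", "event": "file_access", "path": "../x"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["path"], "->", triage(rec) or "ok")
```

The second sample would trigger the wildcard query but is benign, while the fourth would slip past it in its encoded form.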
