Ignition affected by CVE-2023-5129?

General Discussion
1

I know this is pretty new, but is Ignition affected by CVE-2023-5129? Looks like it was a lower score before as a different CVE but is now a 10.

https://nvd.nist.gov/vuln/detail/CVE-2023-5129

Edit:
Another link explaining a bit of history of this CVE and other software affected: https://www.cyberkendra.com/2023/09/webp-0day-google-assign-new-cve-for.html?m=1

2

I'll bring this up internally, but it does seem that while Ignition itself is not vulnerable, the embedded Chromium browser used in the Designer, Perspective Workstation, and Vision's web browser component may be.

3 Likes
3

Ok, we're tracking this. Not sure I'll have much of an update until next week some time because ICC is going on this week.

1 Like