Ignition affected by CVE-2023-5129?

michael.flagler · September 27, 2023, 1:25pm

I know this is pretty new, but is Ignition affected by CVE-2023-5129? Looks like it was a lower score before as a different CVE but is now a 10.

https://nvd.nist.gov/vuln/detail/CVE-2023-5129

Edit:
Another link explaining a bit of history of this CVE and other software affected: https://www.cyberkendra.com/2023/09/webp-0day-google-assign-new-cve-for.html?m=1

Kevin.Herron · September 27, 2023, 1:29pm

I'll bring this up internally, but it does seem that while Ignition itself is not vulnerable, the embedded Chromium browser used in the Designer, Perspective Workstation, and Vision's web browser component may be.

Kevin.Herron · September 27, 2023, 5:44pm

Ok, we're tracking this. Not sure I'll have much of an update until next week some time because ICC is going on this week.

berni · July 8, 2024, 2:01pm

Hello,
Do you have any update regarding the topic ?
Thank you very much !

Kevin.Herron · July 8, 2024, 2:03pm

The embedded version of Chromium was updated in Ignition 8.1.34.

berni · July 18, 2024, 9:27am

Thank you for your reply.
Best regards,