Ignition affected by CVE-2023-5129?

I know this is pretty new, but is Ignition affected by CVE-2023-5129? Looks like it was a lower score before as a different CVE but is now a 10.

https://nvd.nist.gov/vuln/detail/CVE-2023-5129

Edit:
Another link explaining a bit of history of this CVE and other software affected: https://www.cyberkendra.com/2023/09/webp-0day-google-assign-new-cve-for.html?m=1

I'll bring this up internally, but it does seem that while Ignition itself is not vulnerable, the embedded Chromium browser used in the Designer, Perspective Workstation, and Vision's web browser component may be.

3 Likes

Ok, we're tracking this. Not sure I'll have much of an update until next week some time because ICC is going on this week.

1 Like

Hello,
Do you have any update regarding the topic ?
Thank you very much !

The embedded version of Chromium was updated in Ignition 8.1.34.