CVE-2023-50233— Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-50233
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Inductive Automation Ignition getJavaExecutable Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the getJavaExecutable method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22029.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Inductive Automation Ignition 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Inductive Automation Ignition是美国Inductive Automation公司的一套用于SCADA系统的集成软件平台。该平台支持SCADA(数据采集与监控系统)、HMI(人机界面)等。 Inductive Automation Ignition存在安全漏洞,该漏洞源于getJavaExecutable类存在目录遍历漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Inductive Automation | Ignition | 8.1.31 | - |
II. Public POCs for CVE-2023-50233
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-50233
请登录查看更多情报信息。
Same Patch Batch · Inductive Automation · 2024-05-03 · 18 CVEs total
| CVE-2023-38124 | Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Functi | |
| CVE-2023-50222 | Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Dat | |
| CVE-2023-50223 | Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remo | |
| CVE-2023-50219 | Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execu | |
| CVE-2023-50221 | Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrust | |
| CVE-2023-50218 | Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code E | |
| CVE-2023-50232 | Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerabi | |
| CVE-2023-50220 | Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code | |
| CVE-2023-38122 | Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Co | |
| CVE-2023-39477 | Inductive Automation Ignition ConditionRefresh Resource Exhaustion Denial-of-Service Vulne | |
| CVE-2023-38121 | Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Executi | |
| CVE-2023-38123 | Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Func | |
| CVE-2023-39472 | Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information D | |
| CVE-2023-39476 | Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Rem | |
| CVE-2023-39473 | Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Re | |
| CVE-2023-39475 | Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Un | |
| CVE-2023-39474 | Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability |
IV. Related Vulnerabilities
Same product: Ignition
- CVE-2025-13911
Inductive Automation Ignition Execution with Unnecessary Pri - CVE-2023-50232
Inductive Automation Ignition getParams Argument Injection R - CVE-2023-50223
Inductive Automation Ignition ExtendedDocumentCodec Deserial - CVE-2023-50222
Inductive Automation Ignition ResponseParser Notification De - CVE-2023-50221
Inductive Automation Ignition ResponseParser SerializedRespo
Same vendor: Inductive Automation
- CVE-2025-13913
Inductive Automation Ignition Software Deserialization of Un - CVE-2025-13911
Inductive Automation Ignition Execution with Unnecessary Pri - CVE-2023-50232
Inductive Automation Ignition getParams Argument Injection R - CVE-2023-50223
Inductive Automation Ignition ExtendedDocumentCodec Deserial - CVE-2023-50221
Inductive Automation Ignition ResponseParser SerializedRespo
Same weakness: CWE-22
- CVE-2026-8274
npitre cramfs-tools Directory cramfsck.c do_directory path t - CVE-2022-50956
WordPress Plugin amministrazione-aperta 3.7.3 Local File Rea - CVE-2026-8215
Industrial Application Software IAS Canias ERP RMI iasReques - CVE-2026-42605
AzuraCast: Path Traversal in `currentDirectory` Parameter En - CVE-2026-42574
apko dirFS has a symlink-following path traversal that allow
V. Comments for CVE-2023-50233
No comments yet