An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.
7.6AI Score
0.021EPSS
Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow.
8.3AI Score
0.022EPSS
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.
6.8AI Score
0.314EPSS
Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document.
6.9AI Score
0.003EPSS
ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.
9.8CVSS
9.6AI Score
0.015EPSS
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit.
7.5CVSS
7.3AI Score
0.005EPSS
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit.
7.5CVSS
7.3AI Score
0.002EPSS
The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users
5.5CVSS
5.1AI Score
0.0004EPSS
An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. Thiscould allow a user with access to the log files to discover connection strings of data sources configured for theDbConnect, which could include credentials. Successful exploitation of t...
6.5CVSS
6.2AI Score
0.001EPSS
A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This couldallow an unauthorized user with access the email and short messaging service (SMS) accounts configuration filesto discover the associated simple mail transfer protocol (SMTP) account c...
5.5CVSS
5.2AI Score
0.0004EPSS