CVE-2025-64769

CVE-2025-64769 affects the AVEVA Process Optimization suite. The root issue is unencrypted by-default channels/protocols, enabling potential data hijacking or leakage in man-in-the-middle or passive inspection scenarios. Documents consistently describe cleartext transmission of sensitive informat...

CVE-2025-64769 AVEVA Process Optimization Cleartext Transmission of Sensitive Information

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...

CVE-2025-64769 AVEVA Process Optimization Cleartext Transmission of Sensitive Information

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...

CVE-2025-65117

The CVE-2025-65117 entry concerns AVEVA Process Optimization: an authenticated Process Optimization Designer User can embed OLE objects into graphics, potentially escalating privileges to a victim user after interaction with the graphics. Core details indicate local access with low attack complex...

CVE-2025-65117 AVEVA Process Optimization Use of Potentially Dangerous Function

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

CVE-2025-64729 AVEVA Process Optimization Missing Authorization

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...

CVE-2025-65118 AVEVA Process Optimization Uncontrolled Search Path Element

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...

CVE-2025-65118 AVEVA Process Optimization Uncontrolled Search Path Element

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...

CVE-2025-61943

CVE-2025-61943 affects AVEVA Process Optimization Captive Historian. An authenticated Process Optimization Standard User can tamper with queries in Captive Historian, enabling code execution with SQL Server administrative privileges and potentially full SQL Server compromise. Connected sources (N...

CVE-2025-64691 AVEVA Process Optimization Code Injection

The vulnerability, if exploited, could allow an authenticated miscreant OS standard user to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server...

CVE-2025-61937

CVE-2025-61937 affects AVEVA Process Optimization. The flaw allows unauthenticated remote code execution via the taoimr service, potentially fully compromising the model application server. CVSS metrics in the documents show CRITICAL impact. Remediation details or fixed versions are not provided ...

CVE-2025-61937 AVEVA Process Optimization Code Injection

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server...

AVEVA Process Optimization Code Injection Vulnerability

AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a code injection vulnerability. This vulnerability allows unverified attackers to execute remote code, potentially leading to the complete compromise of t...

AVEVA Process Optimization code-related vulnerabilities

AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has code-related vulnerabilities. These vulnerabilities allow authenticated attackers to induce the Process Optimization service to load arbitrary code,...

AVEVA Process Optimization security vulnerabilities

AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a security vulnerability, which arises from the possibility for authenticated attackers to embed OLE objects into graphics, potentially leading to privile...

AVEVA Process Optimization security vulnerabilities

AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a security vulnerability. This vulnerability arises because authenticated attackers can manipulate the Project Optimization project files and embed code,...