AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion

AVEVA InTouch Access Anywhere Secure Gateway is vulnerable to local file inclusion. id: CVE-2022-23854 info: name: AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion author: For3stCo1d severity: high description: | AVEVA InTouch Access Anywhere Secure Gateway is vulnerable to loc...

AVEVA Pipeline Simulation

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify simulation parameters, training configuration and training records. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVE-2026-5387

The CVE-2026-5387 entry concerns AVEVA Pipeline Simulation where an unauthenticated actor can perform operations intended for Simulator Instructor/Developer (Administrator) roles, leading to privilege escalation and potential modification of simulation parameters, training configuration, and trai...

CVE-2026-5387 AVEVA Pipeline Simulation Missing Authorization

The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer Administrator roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, an...

AVEVA Pipeline Simulation 安全漏洞

AVEVA Pipeline Simulation is a pipeline simulation software developed by AVEVA, a British company. AVEVA Pipeline Simulation has a security vulnerability. This vulnerability stems from improper permission verification, which may allow unverified attackers to perform privileged operations, resulti...

CVE-2026-1507 Uncaught Exception vulnerability in AVEVA PI Data Archive

The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service...

CVE-2026-1507 Uncaught Exception vulnerability in AVEVA PI Data Archive

The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service...

CVE-2026-1495 Insertion of Sensitive Information into Log File vulnerability in AVEVA PI to CONNECT Agent

The vulnerability, if exploited, could allow an attacker with Event Log Reader S-1-5-32-573 privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server...

CVE-2026-1495

CVE-2026-1495 concerns an information-insertion vulnerability in AVEVA PI to CONNECT Agent. The CVE describes that an attacker with Event Log Reader privileges (S-1-5-32-573) can access proxy details, including the proxy URL and credentials, from the PI to CONNECT event log files. This could enab...

AVEVA PI Data Archive

RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...

AVEVA PI to CONNECT Agent

RISK EVALUATION Successful exploitation of this vulnerability could result in an unauthorized access to the proxy server. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...

AVEVA PI Data Archive PI Server 安全漏洞

AVEVA PI Data Archive PI Server is a database engine developed by the British company AVEVA. There is a security vulnerability present in AVEVA PI Data Archive PI Server. This vulnerability stems from unhandled exceptions, which could allow unauthorized attackers to remotely crash core services a...

CVE-2025-64769

CVE-2025-64769 affects the AVEVA Process Optimization suite. The root issue is unencrypted by-default channels/protocols, enabling potential data hijacking or leakage in man-in-the-middle or passive inspection scenarios. Documents consistently describe cleartext transmission of sensitive informat...

CVE-2025-64769 AVEVA Process Optimization Cleartext Transmission of Sensitive Information

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...

CVE-2025-64769 AVEVA Process Optimization Cleartext Transmission of Sensitive Information

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios...

CVE-2025-65117

The CVE-2025-65117 entry concerns AVEVA Process Optimization: an authenticated Process Optimization Designer User can embed OLE objects into graphics, potentially escalating privileges to a victim user after interaction with the graphics. Core details indicate local access with low attack complex...

CVE-2025-65117 AVEVA Process Optimization Use of Potentially Dangerous Function

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

CVE-2025-64729 AVEVA Process Optimization Missing Authorization

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...

CVE-2025-65118 AVEVA Process Optimization Uncontrolled Search Path Element

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...

CVE-2025-65118 AVEVA Process Optimization Uncontrolled Search Path Element

The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...