43 matches found
CVE-2025-64729
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...
CVE-2025-64729 AVEVA Process Optimization Missing Authorization
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...
CVE-2025-64729
The CVE-2025-64729 entry concerns AVEVA Process Optimization. Affected software: Process Optimization with user-authenticated access (OS Standard User). The documented vulnerability allows an authenticated attacker to tamper with Process Optimization project files, embed code, and escalate privil...
CVE-2025-65118 AVEVA Process Optimization Uncontrolled Search Path Element
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...
CVE-2025-65118
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...
CVE-2025-65118 AVEVA Process Optimization Uncontrolled Search Path Element
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...
CVE-2025-65118
CVE-2025-65118 affects AVEVA Process Optimization. The issue is described as an Uncontrolled Search Path Element that could allow an authenticated OS Standard User to cause Process Optimization services to load arbitrary code, enabling privilege escalation to OS System and potentially complete co...
CVE-2025-61943
CVE-2025-61943 affects AVEVA Process Optimization Captive Historian. An authenticated Process Optimization Standard User can tamper with queries in Captive Historian, enabling code execution with SQL Server administrative privileges and potentially full SQL Server compromise. Connected sources (N...
CVE-2025-61943 AVEVA Process Optimization SQL Injection
The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Standard User to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server...
CVE-2025-64691 AVEVA Process Optimization Code Injection
The vulnerability, if exploited, could allow an authenticated miscreant OS standard user to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server...
CVE-2025-61937
CVE-2025-61937 affects AVEVA Process Optimization. The flaw allows unauthenticated remote code execution via the taoimr service, potentially fully compromising the model application server. CVSS metrics in the documents show CRITICAL impact. Remediation details or fixed versions are not provided ...
CVE-2025-61937 AVEVA Process Optimization Code Injection
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server...
AVEVA Process Optimization security vulnerabilities
AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a security vulnerability that stems from the use of unencrypted connection channels or protocols by default. This can lead to man-in-the-middle attacks or...
AVEVA Process Optimization Code Injection Vulnerability
AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a code injection vulnerability. This vulnerability allows unverified attackers to execute remote code, potentially leading to the complete compromise of t...
AVEVA Process Optimization code-related vulnerabilities
AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has code-related vulnerabilities. These vulnerabilities allow authenticated attackers to induce the Process Optimization service to load arbitrary code,...
AVEVA Process Optimization security vulnerabilities
AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a security vulnerability, which arises from the possibility for authenticated attackers to embed OLE objects into graphics, potentially leading to privile...
AVEVA Process Optimization Code Injection Vulnerability
AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a code injection vulnerability. This vulnerability arises because authenticated attackers could potentially alter TCL macro scripts, leading to privilege...
AVEVA Process Optimization security vulnerabilities
AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a security vulnerability. This vulnerability arises because authenticated attackers can manipulate the Project Optimization project files and embed code,...
PT-2026-3199
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server...
PT-2026-3196
Name of the Vulnerable Software and Affected Versions Process Optimization affected versions not specified Description An authenticated attacker with standard user privileges can modify Process Optimization project files, insert code, and potentially gain the privileges of a user who interacts wi...