CVE-2025-61937

Critical CVSS: 10.0

The vulnerability, if exploited, could allow an unauthenticated
miscreant to achieve remote code execution under OS system privileges of
“taoimr” service, potentially resulting in complete compromise of the model application server.

Vendor

Aveva

Product

Process Optimization

CWE

CWE-94

Yayın Tarihi

2026-01-16 02:16:42

Güncelleme

2026-01-22 15:20:43

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-94 Process Optimization CRITICAL Aveva 2026

Referanslar

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea https://www.aveva.com/en/support-and-success/cyber-security-updates/ https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

Benzer Kayıtlar

Critical

CVE-2025-65118

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimizatio…

Critical

CVE-2025-61943

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper…

Critical

CVE-2025-64691

The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scr…

High

CVE-2025-64729

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optim…

High

CVE-2025-64769

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted an…

High

CVE-2025-65117

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed O…