CVE-2025-61943

Critical CVSS: 9.3

The vulnerability, if exploited, could allow an authenticated miscreant
(Process Optimization Standard User) to tamper with queries in Captive
Historian and achieve code execution under SQL Server administrative
privileges, potentially resulting in complete compromise of the SQL
Server.

Vendor

Aveva

Product

Process Optimization

CWE

CWE-89

Yayın Tarihi

2026-01-16 02:16:45

Güncelleme

2026-01-22 15:19:41

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-89 Process Optimization CRITICAL Aveva 2026

Referanslar

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea https://www.aveva.com/en/support-and-success/cyber-security-updates/ https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

Benzer Kayıtlar

Critical

CVE-2025-65118

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimizatio…

Critical

CVE-2025-64691

The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scr…

High

CVE-2025-64729

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optim…

High

CVE-2025-64769

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted an…

High

CVE-2025-65117

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed O…

Critical

CVE-2025-61937

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS sys…