CVE-2025-64691

Critical CVSS: 9.3

The vulnerability, if exploited, could allow an authenticated miscreant
(OS standard user) to tamper with TCL Macro scripts and escalate
privileges to OS system, potentially resulting in complete compromise of
the model application server.

Vendor

Aveva

Product

Process Optimization

CWE

CWE-94

Yayın Tarihi

2026-01-16 02:16:45

Güncelleme

2026-01-22 15:15:51

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-94 Process Optimization CRITICAL Aveva 2026

Referanslar

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea https://www.aveva.com/en/support-and-success/cyber-security-updates/ https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

Benzer Kayıtlar

Critical

CVE-2025-65118

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimizatio…

Critical

CVE-2025-61943

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper…

High

CVE-2025-64729

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optim…

High

CVE-2025-64769

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted an…

High

CVE-2025-65117

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed O…

Critical

CVE-2025-61937

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS sys…