CVE-2025-65118

Critical CVSS: 9.3

The vulnerability, if exploited, could allow an authenticated miscreant
(OS Standard User) to trick Process Optimization services into loading
arbitrary code and escalate privileges to OS System, potentially
resulting in complete compromise of the Model Application Server.

Vendor

Aveva

Product

Process Optimization

CWE

CWE-427

Yayın Tarihi

2026-01-16 02:16:46

Güncelleme

2026-01-22 15:13:00

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-427 Process Optimization CRITICAL Aveva 2026

Referanslar

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea https://www.aveva.com/en/support-and-success/cyber-security-updates/ https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

Benzer Kayıtlar

Critical

CVE-2025-61943

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper…

Critical

CVE-2025-64691

The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scr…

High

CVE-2025-64729

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optim…

High

CVE-2025-64769

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted an…

High

CVE-2025-65117

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed O…

Critical

CVE-2025-61937

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS sys…