CVE-2026-14867 (GCVE-0-2026-14867)
Vulnerability from cvelistv5 – Published: 2026-07-07 09:25 – Updated: 2026-07-07 12:09
VLAI
EPSS
VEX
Title
Insecure password storage in User directory
Summary
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials.
Active Directory accounts are not affected by this vulnerability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext storage of a password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.pcvue.com/security/#SB2026-5 | vendor-advisory |
Date Public
2026-07-06 22:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T12:08:53.050760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T12:09:29.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "PcVue",
"vendor": "arcinfo",
"versions": [
{
"lessThan": "17.0.0",
"status": "affected",
"version": "0",
"versionType": "cpe"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arcinfo:pcvue:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2026-07-06T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all\u0026nbsp;versions prior to 17.0.0. A local attacker could retrieve users\u2019 credentials.\u003cdiv\u003e\u0026nbsp;\n\u003cbr\u003eActive Directory accounts are not affected by this vulnerability.\u003c/div\u003e"
}
],
"value": "Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all\u00a0versions prior to 17.0.0. A local attacker could retrieve users\u2019 credentials.\u00a0\n\nActive Directory accounts are not affected by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No POC available."
}
],
"value": "No POC available."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Not known to be exploited"
}
],
"value": "Not known to be exploited"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"other": {
"content": {
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CNA",
"version": "2.0.3"
},
"type": "ssvc"
},
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext storage of a password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T09:25:57.741Z",
"orgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932",
"shortName": "arcinfo"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.pcvue.com/security/#SB2026-5"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003eHarden the configuration\u003c/b\u003e\u003cbr\u003e\u003cu\u003eWho should apply this recommendation:\u003c/u\u003e All users\u003cbr\u003e\n\nTo reduce the risk of exploitation, ARC Informatique strongly recommends implementing the following defensive measures:\n\n\u003cul\u003e\u003cli\u003eMinimize network exposure for all control system devices and/or systems, and ensure they are not accessible from insecure networks.\u003c/li\u003e\u003cli\u003eLocate control system networks and remote devices behind firewalls and isolate them from business networks.\u003c/li\u003e\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\u003c/li\u003e\u003c/ul\u003e\u003cdiv\u003eAdditional deployment guidance and recommended practices are available in the product documentation (\u003ca href=\"https://www.pcvue.com/ProductHelp/PcVue/en/Content/Deployment/hardening-guide/overview.php\"\u003eHardening Guide\u003c/a\u003e).\u003c/div\u003e\u003cbr\u003e\u003cb\u003eUpdate PcVue\u003c/b\u003e\u003cbr\u003e\u003cu\u003eWho should apply this recommendation:\u003c/u\u003e All users using the affected component \u003cbr\u003e\u003cbr\u003eApply the corrective update by installing PcVue Initial Release 17.0.0 or later\n\u003cbr\u003eIn a patched release, it will no longer be possible to load User directory from earlier versions. Existing projects designed with an earlier version require explicit migration using the ProjectUtility CLI tool. Instructions are provided in the product documentation (\u003ca href=\"https://www.pcvue.com/ProductHelp/PcVue/en/Content/Deployment/tools/project-utility-cli.php\"\u003eProject Utility CLI reference\u003c/a\u003e).\n\u003cbr\u003eTo verify that the patch is applied correctly, you must check that the File version property of the file ./bin/sv32.exe matches release 17.0.0 (17.0.0902.3726) or later, and ensure that any earlier release is no longer used.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\n\n\u003cb\u003eAvailable patches:\u003c/b\u003e\u003cbr\u003ePatch provided in:\u003cbr\u003e\u003cul\u003e\u003cli\u003ePcVue 17.0.0 (17.0.0902.3726)\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Harden the configuration\nWho should apply this recommendation: All users\n\n\nTo reduce the risk of exploitation, ARC Informatique strongly recommends implementing the following defensive measures:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from insecure networks.\n * Locate control system networks and remote devices behind firewalls and isolate them from business networks.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\n\nAdditional deployment guidance and recommended practices are available in the product documentation ( Hardening Guide https://www.pcvue.com/ProductHelp/PcVue/en/Content/Deployment/hardening-guide/overview.php ).\n\n\nUpdate PcVue\nWho should apply this recommendation: All users using the affected component \n\nApply the corrective update by installing PcVue Initial Release 17.0.0 or later\n\nIn a patched release, it will no longer be possible to load User directory from earlier versions. Existing projects designed with an earlier version require explicit migration using the ProjectUtility CLI tool. Instructions are provided in the product documentation ( Project Utility CLI reference https://www.pcvue.com/ProductHelp/PcVue/en/Content/Deployment/tools/project-utility-cli.php ).\n\nTo verify that the patch is applied correctly, you must check that the File version property of the file ./bin/sv32.exe matches release 17.0.0 (17.0.0902.3726) or later, and ensure that any earlier release is no longer used.\n\n\n\n\nAvailable patches:\nPatch provided in:\n * PcVue 17.0.0 (17.0.0902.3726)"
}
],
"source": {
"advisory": "SB2026-5",
"discovery": "UNKNOWN"
},
"title": "Insecure password storage in User directory",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932",
"assignerShortName": "arcinfo",
"cveId": "CVE-2026-14867",
"datePublished": "2026-07-07T09:25:57.741Z",
"dateReserved": "2026-07-06T13:45:31.176Z",
"dateUpdated": "2026-07-07T12:09:29.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-14867",
"date": "2026-07-09",
"epss": "0.00092",
"percentile": "0.00655"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-14867\",\"sourceIdentifier\":\"87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932\",\"published\":\"2026-07-07T10:16:40.120\",\"lastModified\":\"2026-07-09T18:32:08.463\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all\u00a0versions prior to 17.0.0. A local attacker could retrieve users\u2019 credentials.\u00a0\\n\\nActive Directory accounts are not affected by this vulnerability.\"}],\"affected\":[{\"source\":\"87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932\",\"affectedData\":[{\"vendor\":\"arcinfo\",\"product\":\"PcVue\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"17.0.0\",\"versionType\":\"cpe\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Amber\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"YES\",\"Recovery\":\"USER\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932\",\"ssvcData\":{\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CNA\",\"version\":\"2.0.3\"}},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-07T12:08:53.050760Z\",\"id\":\"CVE-2026-14867\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-256\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arcinfo:pcvue:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.0.0\",\"matchCriteriaId\":\"62062D62-40E8-496A-A847-6D864DDA46C9\"}]}]}],\"references\":[{\"url\":\"https://www.pcvue.com/security/#SB2026-5\",\"source\":\"87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-14867\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-07T12:08:53.050760Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-07T12:09:24.840Z\"}}], \"cna\": {\"title\": \"Insecure password storage in User directory\", \"source\": {\"advisory\": \"SB2026-5\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 6.8, \"Automatable\": \"YES\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/RE:M/U:Amber\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"role\": \"CNA\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\"}}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"arcinfo\", \"product\": \"PcVue\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.0.0\", \"versionType\": \"cpe\"}], \"defaultStatus\": \"affected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"No POC available.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"No POC available.\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"Not known to be exploited\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Not known to be exploited\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Harden the configuration\\nWho should apply this recommendation: All users\\n\\n\\nTo reduce the risk of exploitation, ARC Informatique strongly recommends implementing the following defensive measures:\\n\\n * Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from insecure networks.\\n * Locate control system networks and remote devices behind firewalls and isolate them from business networks.\\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\\n\\n\\nAdditional deployment guidance and recommended practices are available in the product documentation ( Hardening Guide https://www.pcvue.com/ProductHelp/PcVue/en/Content/Deployment/hardening-guide/overview.php ).\\n\\n\\nUpdate PcVue\\nWho should apply this recommendation: All users using the affected component \\n\\nApply the corrective update by installing PcVue Initial Release 17.0.0 or later\\n\\nIn a patched release, it will no longer be possible to load User directory from earlier versions. Existing projects designed with an earlier version require explicit migration using the ProjectUtility CLI tool. Instructions are provided in the product documentation ( Project Utility CLI reference https://www.pcvue.com/ProductHelp/PcVue/en/Content/Deployment/tools/project-utility-cli.php ).\\n\\nTo verify that the patch is applied correctly, you must check that the File version property of the file ./bin/sv32.exe matches release 17.0.0 (17.0.0902.3726) or later, and ensure that any earlier release is no longer used.\\n\\n\\n\\n\\nAvailable patches:\\nPatch provided in:\\n * PcVue 17.0.0 (17.0.0902.3726)\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cb\u003eHarden the configuration\u003c/b\u003e\u003cbr\u003e\u003cu\u003eWho should apply this recommendation:\u003c/u\u003e All users\u003cbr\u003e\\n\\nTo reduce the risk of exploitation, ARC Informatique strongly recommends implementing the following defensive measures:\\n\\n\u003cul\u003e\u003cli\u003eMinimize network exposure for all control system devices and/or systems, and ensure they are not accessible from insecure networks.\u003c/li\u003e\u003cli\u003eLocate control system networks and remote devices behind firewalls and isolate them from business networks.\u003c/li\u003e\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\u003c/li\u003e\u003c/ul\u003e\u003cdiv\u003eAdditional deployment guidance and recommended practices are available in the product documentation (\u003ca href=\\\"https://www.pcvue.com/ProductHelp/PcVue/en/Content/Deployment/hardening-guide/overview.php\\\"\u003eHardening Guide\u003c/a\u003e).\u003c/div\u003e\u003cbr\u003e\u003cb\u003eUpdate PcVue\u003c/b\u003e\u003cbr\u003e\u003cu\u003eWho should apply this recommendation:\u003c/u\u003e All users using the affected component \u003cbr\u003e\u003cbr\u003eApply the corrective update by installing PcVue Initial Release 17.0.0 or later\\n\u003cbr\u003eIn a patched release, it will no longer be possible to load User directory from earlier versions. Existing projects designed with an earlier version require explicit migration using the ProjectUtility CLI tool. Instructions are provided in the product documentation (\u003ca href=\\\"https://www.pcvue.com/ProductHelp/PcVue/en/Content/Deployment/tools/project-utility-cli.php\\\"\u003eProject Utility CLI reference\u003c/a\u003e).\\n\u003cbr\u003eTo verify that the patch is applied correctly, you must check that the File version property of the file ./bin/sv32.exe matches release 17.0.0 (17.0.0902.3726) or later, and ensure that any earlier release is no longer used.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\\n\\n\u003cb\u003eAvailable patches:\u003c/b\u003e\u003cbr\u003ePatch provided in:\u003cbr\u003e\u003cul\u003e\u003cli\u003ePcVue 17.0.0 (17.0.0902.3726)\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}], \"datePublic\": \"2026-07-06T22:00:00.000Z\", \"references\": [{\"url\": \"https://www.pcvue.com/security/#SB2026-5\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all\\u00a0versions prior to 17.0.0. A local attacker could retrieve users\\u2019 credentials.\\u00a0\\n\\nActive Directory accounts are not affected by this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all\u0026nbsp;versions prior to 17.0.0. A local attacker could retrieve users\\u2019 credentials.\u003cdiv\u003e\u0026nbsp;\\n\u003cbr\u003eActive Directory accounts are not affected by this vulnerability.\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-256\", \"description\": \"CWE-256 Plaintext storage of a password\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:arcinfo:pcvue:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.0.0\", \"versionStartIncluding\": \"0\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932\", \"shortName\": \"arcinfo\", \"dateUpdated\": \"2026-07-07T09:25:57.741Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-14867\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-07T12:09:29.277Z\", \"dateReserved\": \"2026-07-06T13:45:31.176Z\", \"assignerOrgId\": \"87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932\", \"datePublished\": \"2026-07-07T09:25:57.741Z\", \"assignerShortName\": \"arcinfo\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…