Vulnerability-Lookup

ICSA-26-015-01

Vulnerability from csaf_cisa - Published: 2026-01-15 07:00 - Updated: 2026-01-15 07:00

Summary

AVEVA Process Optimization

Notes

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Risk evaluation

Successful exploitation of these vulnerabilities could enable an attacker to execute remote code, perform SQL injection, escalate privileges, or access sensitive information.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

United Kingdom

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this (these) vulnerability(ies), such as:

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Recommended Practices

Do not click web links or open attachments in unsolicited email messages.

Recommended Practices

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Recommended Practices

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

Recommended Practices

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Christopher Wu"
        ],
        "organization": "Veracode",
        "summary": "reported these vulnerabilities to AVEVA"
      },
      {
        "organization": "AVEVA",
        "summary": "reported these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
        "title": "Legal Notice and Terms of Use"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could enable an attacker to execute remote code, perform SQL injection, escalate privileges, or access sensitive information.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United Kingdom",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this (these) vulnerability(ies), such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Do not click web links or open attachments in unsolicited email messages.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-26-015-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-015-01.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-26-015-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks"
      }
    ],
    "title": "AVEVA Process Optimization",
    "tracking": {
      "current_release_date": "2026-01-15T07:00:00.000000Z",
      "generator": {
        "date": "2026-01-14T22:05:05.319706Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-26-015-01",
      "initial_release_date": "2026-01-15T07:00:00.000000Z",
      "revision_history": [
        {
          "date": "2026-01-15T07:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Republication of AVEVA-2026-001"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=2024.1",
                "product": {
                  "name": "AVEVA Process Optimization: \u003c=2024.1",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Process Optimization"
          }
        ],
        "category": "vendor",
        "name": "AVEVA"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-61937",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS System privileges of \"taoimr\" service, potentially resulting in complete compromise of the Model Application Server.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61937"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "AVEVA recommends users take the following action:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to AVEVA Process Optimization v2025",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "category": "mitigation",
          "details": "AVEVA alternatively recommends the following actions users can take to mitigate risk:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Apply Host and/or Network firewall rules restricting the taoimr service to accept traffic only from trusted source(s). By default, AVEVA Process Optimization listens on port 8888/8889(TLS). Please refer to the AVEVA Process Optimization Installation Guide for additional details on ports configuration.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Apply ACLs to the installation and data folders, limiting write-access to trusted users only.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Maintain a trusted chain-of-custody on Process Optimization project files during creation, modification, distribution, backups, and use.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, please Aveva\u0027s security bulletin AVEVA-2026-001.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-64691",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with TCL Macro scripts and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64691"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "AVEVA recommends users take the following action:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to AVEVA Process Optimization v2025",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "category": "mitigation",
          "details": "AVEVA alternatively recommends the following actions users can take to mitigate risk:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Apply Host and/or Network firewall rules restricting the taoimr service to accept traffic only from trusted source(s). By default, AVEVA Process Optimization listens on port 8888/8889(TLS). Please refer to the AVEVA Process Optimization Installation Guide for additional details on ports configuration.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Apply ACLs to the installation and data folders, limiting write-access to trusted users only.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Maintain a trusted chain-of-custody on Process Optimization project files during creation, modification, distribution, backups, and use.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, please Aveva\u0027s security bulletin AVEVA-2026-001.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-61943",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61943"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "AVEVA recommends users take the following action:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to AVEVA Process Optimization v2025",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "category": "mitigation",
          "details": "AVEVA alternatively recommends the following actions users can take to mitigate risk:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Apply Host and/or Network firewall rules restricting the taoimr service to accept traffic only from trusted source(s). By default, AVEVA Process Optimization listens on port 8888/8889(TLS). Please refer to the AVEVA Process Optimization Installation Guide for additional details on ports configuration.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Apply ACLs to the installation and data folders, limiting write-access to trusted users only.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Maintain a trusted chain-of-custody on Process Optimization project files during creation, modification, distribution, backups, and use.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, please Aveva\u0027s security bulletin AVEVA-2026-001.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-65118",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-65118"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "AVEVA recommends users take the following action:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to AVEVA Process Optimization v2025",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "category": "mitigation",
          "details": "AVEVA alternatively recommends the following actions users can take to mitigate risk:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Apply Host and/or Network firewall rules restricting the taoimr service to accept traffic only from trusted source(s). By default, AVEVA Process Optimization listens on port 8888/8889(TLS). Please refer to the AVEVA Process Optimization Installation Guide for additional details on ports configuration.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Apply ACLs to the installation and data folders, limiting write-access to trusted users only.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Maintain a trusted chain-of-custody on Process Optimization project files during creation, modification, distribution, backups, and use.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, please Aveva\u0027s security bulletin AVEVA-2026-001.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-64729",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64729"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "AVEVA recommends users take the following action:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to AVEVA Process Optimization v2025",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "category": "mitigation",
          "details": "AVEVA alternatively recommends the following actions users can take to mitigate risk:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Apply Host and/or Network firewall rules restricting the taoimr service to accept traffic only from trusted source(s). By default, AVEVA Process Optimization listens on port 8888/8889(TLS). Please refer to the AVEVA Process Optimization Installation Guide for additional details on ports configuration.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Apply ACLs to the installation and data folders, limiting write-access to trusted users only.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Maintain a trusted chain-of-custody on Process Optimization project files during creation, modification, distribution, backups, and use.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, please Aveva\u0027s security bulletin AVEVA-2026-001.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-65117",
      "cwe": {
        "id": "CWE-676",
        "name": "Use of Potentially Dangerous Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-65117"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "AVEVA recommends users take the following action:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to AVEVA Process Optimization v2025",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "category": "mitigation",
          "details": "AVEVA alternatively recommends the following actions users can take to mitigate risk:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Apply Host and/or Network firewall rules restricting the taoimr service to accept traffic only from trusted source(s). By default, AVEVA Process Optimization listens on port 8888/8889(TLS). Please refer to the AVEVA Process Optimization Installation Guide for additional details on ports configuration.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Apply ACLs to the installation and data folders, limiting write-access to trusted users only.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Maintain a trusted chain-of-custody on Process Optimization project files during creation, modification, distribution, backups, and use.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, please Aveva\u0027s security bulletin AVEVA-2026-001.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2025-64769",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-Middle or passive inspection scenarios.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64769"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "AVEVA recommends users take the following action:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to AVEVA Process Optimization v2025",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "category": "mitigation",
          "details": "AVEVA alternatively recommends the following actions users can take to mitigate risk:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Apply Host and/or Network firewall rules restricting the taoimr service to accept traffic only from trusted source(s). By default, AVEVA Process Optimization listens on port 8888/8889(TLS). Please refer to the AVEVA Process Optimization Installation Guide for additional details on ports configuration.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Apply ACLs to the installation and data folders, limiting write-access to trusted users only.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Maintain a trusted chain-of-custody on Process Optimization project files during creation, modification, distribution, backups, and use.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, please Aveva\u0027s security bulletin AVEVA-2026-001.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

CVE-2025-65118 (GCVE-0-2025-65118)

Vulnerability from cvelistv5 – Published: 2026-01-16 00:11 – Updated: 2026-01-16 15:39

Title

AVEVA Process Optimization Uncontrolled Search Path Element

Summary

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.3 (Critical)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-427

Assigner

icscert

References

URL

Tags

	https://www.aveva.com/en/support-and-success/cybe…
	https://softwaresupportsp.aveva.com/en-US/downloa…
	https://www.cisa.gov/news-events/ics-advisories/i…
	https://github.com/cisagov/CSAF/blob/develop/csaf…

Impacted products

	Vendor	Product	Version
	AVEVA	Process Optimization	Affected: 0 , ≤ 2024.1 (custom)

Credits

Christopher Wu of Veracode reported these vulnerabilities to AVEVA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-65118",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T15:39:31.310210Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T15:39:37.345Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Process Optimization",
          "vendor": "AVEVA",
          "versions": [
            {
              "lessThanOrEqual": "2024.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Christopher Wu of Veracode reported these vulnerabilities to AVEVA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(OS Standard User) to trick Process Optimization services into loading \narbitrary code and escalate privileges to OS System, potentially \nresulting in complete compromise of the Model Application Server."
            }
          ],
          "value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(OS Standard User) to trick Process Optimization services into loading \narbitrary code and escalate privileges to OS System, potentially \nresulting in complete compromise of the Model Application Server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-16T00:11:12.560Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        },
        {
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA recommends users take the following action:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\"\u003eAVEVA Process Optimization v2025\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\nFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA recommends users take the following action:\n\n\n\n  *  Update to  AVEVA Process Optimization v2025 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea \n\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "source": {
        "advisory": "ICSA-26-015-01",
        "discovery": "EXTERNAL"
      },
      "title": "AVEVA Process Optimization Uncontrolled Search Path Element",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA alternatively recommends the following actions users can take to mitigate risk:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\u003c/li\u003e\n\u003cli\u003eApply ACLs to the installation and data folders, limiting write-access to trusted users only.\u003c/li\u003e\n\u003cli\u003eMaintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA alternatively recommends the following actions users can take to mitigate risk:\n\n\n\n  *  Apply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\n\n  *  Apply ACLs to the installation and data folders, limiting write-access to trusted users only.\n\n  *  Maintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-65118",
    "datePublished": "2026-01-16T00:11:12.560Z",
    "dateReserved": "2025-11-24T18:22:00.785Z",
    "dateUpdated": "2026-01-16T15:39:37.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64691 (GCVE-0-2025-64691)

Vulnerability from cvelistv5 – Published: 2026-01-16 00:06 – Updated: 2026-01-16 15:12

Title

AVEVA Process Optimization Code Injection

Summary

The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.3 (Critical)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-94

Assigner

icscert

References

URL

Tags

	https://www.aveva.com/en/support-and-success/cybe…
	https://softwaresupportsp.aveva.com/en-US/downloa…
	https://www.cisa.gov/news-events/ics-advisories/i…
	https://github.com/cisagov/CSAF/blob/develop/csaf…

Impacted products

	Vendor	Product	Version
	AVEVA	Process Optimization	Affected: 0 , ≤ 2024.1 (custom)

Credits

Christopher Wu of Veracode reported these vulnerabilities to AVEVA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64691",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T15:11:30.315185Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T15:12:10.618Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Process Optimization",
          "vendor": "AVEVA",
          "versions": [
            {
              "lessThanOrEqual": "2024.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Christopher Wu of Veracode reported these vulnerabilities to AVEVA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(OS standard user) to tamper with TCL Macro scripts and escalate \nprivileges to OS system, potentially resulting in complete compromise of\n the model application server."
            }
          ],
          "value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(OS standard user) to tamper with TCL Macro scripts and escalate \nprivileges to OS system, potentially resulting in complete compromise of\n the model application server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-16T00:06:56.554Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        },
        {
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA recommends users take the following action:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\"\u003eAVEVA Process Optimization v2025\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\nFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA recommends users take the following action:\n\n\n\n  *  Update to  AVEVA Process Optimization v2025 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea \n\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "source": {
        "advisory": "ICSA-26-015-01",
        "discovery": "EXTERNAL"
      },
      "title": "AVEVA Process Optimization Code Injection",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA alternatively recommends the following actions users can take to mitigate risk:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\u003c/li\u003e\n\u003cli\u003eApply ACLs to the installation and data folders, limiting write-access to trusted users only.\u003c/li\u003e\n\u003cli\u003eMaintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA alternatively recommends the following actions users can take to mitigate risk:\n\n\n\n  *  Apply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\n\n  *  Apply ACLs to the installation and data folders, limiting write-access to trusted users only.\n\n  *  Maintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-64691",
    "datePublished": "2026-01-16T00:06:56.554Z",
    "dateReserved": "2025-11-24T18:22:00.766Z",
    "dateUpdated": "2026-01-16T15:12:10.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61937 (GCVE-0-2025-61937)

Vulnerability from cvelistv5 – Published: 2026-01-16 00:04 – Updated: 2026-01-16 15:10

Title

AVEVA Process Optimization Code Injection

Summary

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-94

Assigner

icscert

References

URL

Tags

	https://www.aveva.com/en/support-and-success/cybe…
	https://softwaresupportsp.aveva.com/en-US/downloa…
	https://www.cisa.gov/news-events/ics-advisories/i…
	https://github.com/cisagov/CSAF/blob/develop/csaf…

Impacted products

	Vendor	Product	Version
	AVEVA	Process Optimization	Affected: 0 , ≤ 2024.1 (custom)

Credits

Christopher Wu of Veracode reported these vulnerabilities to AVEVA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61937",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T15:09:41.593345Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T15:10:11.404Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Process Optimization",
          "vendor": "AVEVA",
          "versions": [
            {
              "lessThanOrEqual": "2024.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Christopher Wu of Veracode reported these vulnerabilities to AVEVA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability, if exploited, could allow an unauthenticated \nmiscreant to achieve remote code execution under OS system privileges of\n \u201ctaoimr\u201d service, potentially resulting in complete compromise of the\u0026nbsp; model application server."
            }
          ],
          "value": "The vulnerability, if exploited, could allow an unauthenticated \nmiscreant to achieve remote code execution under OS system privileges of\n \u201ctaoimr\u201d service, potentially resulting in complete compromise of the\u00a0 model application server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-16T00:04:37.128Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        },
        {
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA recommends users take the following action:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\"\u003eAVEVA Process Optimization v2025\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\nFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA recommends users take the following action:\n\n\n\n  *  Update to  AVEVA Process Optimization v2025 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea \n\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "source": {
        "advisory": "ICSA-26-015-01",
        "discovery": "EXTERNAL"
      },
      "title": "AVEVA Process Optimization Code Injection",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA alternatively recommends the following actions users can take to mitigate risk:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\u003c/li\u003e\n\u003cli\u003eApply ACLs to the installation and data folders, limiting write-access to trusted users only.\u003c/li\u003e\n\u003cli\u003eMaintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA alternatively recommends the following actions users can take to mitigate risk:\n\n\n\n  *  Apply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\n\n  *  Apply ACLs to the installation and data folders, limiting write-access to trusted users only.\n\n  *  Maintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-61937",
    "datePublished": "2026-01-16T00:04:37.128Z",
    "dateReserved": "2025-11-24T18:22:00.744Z",
    "dateUpdated": "2026-01-16T15:10:11.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61943 (GCVE-0-2025-61943)

Vulnerability from cvelistv5 – Published: 2026-01-16 00:09 – Updated: 2026-01-16 15:06

Title

AVEVA Process Optimization SQL Injection

Summary

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.

Severity ?

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

9.3 (Critical)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H

CWE

CWE-89

Assigner

icscert

References

URL

Tags

	https://www.aveva.com/en/support-and-success/cybe…
	https://softwaresupportsp.aveva.com/en-US/downloa…
	https://www.cisa.gov/news-events/ics-advisories/i…
	https://github.com/cisagov/CSAF/blob/develop/csaf…

Impacted products

	Vendor	Product	Version
	AVEVA	Process Optimization	Affected: 0 , ≤ 2024.1 (custom)

Credits

Christopher Wu of Veracode reported these vulnerabilities to AVEVA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61943",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T15:05:33.136579Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T15:06:06.845Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Process Optimization",
          "vendor": "AVEVA",
          "versions": [
            {
              "lessThanOrEqual": "2024.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Christopher Wu of Veracode reported these vulnerabilities to AVEVA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(Process Optimization Standard User) to tamper with queries in Captive \nHistorian and achieve code execution under SQL Server administrative \nprivileges, potentially resulting in complete compromise of the SQL \nServer."
            }
          ],
          "value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(Process Optimization Standard User) to tamper with queries in Captive \nHistorian and achieve code execution under SQL Server administrative \nprivileges, potentially resulting in complete compromise of the SQL \nServer."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-16T00:09:18.629Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        },
        {
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA recommends users take the following action:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\"\u003eAVEVA Process Optimization v2025\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\nFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA recommends users take the following action:\n\n\n\n  *  Update to  AVEVA Process Optimization v2025 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea \n\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "source": {
        "advisory": "ICSA-26-015-01",
        "discovery": "EXTERNAL"
      },
      "title": "AVEVA Process Optimization SQL Injection",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA alternatively recommends the following actions users can take to mitigate risk:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\u003c/li\u003e\n\u003cli\u003eApply ACLs to the installation and data folders, limiting write-access to trusted users only.\u003c/li\u003e\n\u003cli\u003eMaintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA alternatively recommends the following actions users can take to mitigate risk:\n\n\n\n  *  Apply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\n\n  *  Apply ACLs to the installation and data folders, limiting write-access to trusted users only.\n\n  *  Maintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-61943",
    "datePublished": "2026-01-16T00:09:18.629Z",
    "dateReserved": "2025-11-24T18:22:00.776Z",
    "dateUpdated": "2026-01-16T15:06:06.845Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64769 (GCVE-0-2025-64769)

Vulnerability from cvelistv5 – Published: 2026-01-16 00:16 – Updated: 2026-01-16 14:52

Title

AVEVA Process Optimization Cleartext Transmission of Sensitive Information

Summary

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

7.6 (High)


                        
                          CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

CWE

CWE-319

Assigner

icscert

References

URL

Tags

	https://www.aveva.com/en/support-and-success/cybe…
	https://softwaresupportsp.aveva.com/en-US/downloa…
	https://www.cisa.gov/news-events/ics-advisories/i…
	https://github.com/cisagov/CSAF/blob/develop/csaf…

Impacted products

	Vendor	Product	Version
	AVEVA	Process Optimization	Affected: 0 , ≤ 2024.1 (custom)

Credits

Christopher Wu of Veracode reported these vulnerabilities to AVEVA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64769",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T14:52:23.223478Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T14:52:30.496Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Process Optimization",
          "vendor": "AVEVA",
          "versions": [
            {
              "lessThanOrEqual": "2024.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Christopher Wu of Veracode reported these vulnerabilities to AVEVA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Process Optimization application suite leverages connection \nchannels/protocols that by-default are not encrypted and could become \nsubject to hijacking or data leakage in certain man-in-the-middle or \npassive inspection scenarios."
            }
          ],
          "value": "The Process Optimization application suite leverages connection \nchannels/protocols that by-default are not encrypted and could become \nsubject to hijacking or data leakage in certain man-in-the-middle or \npassive inspection scenarios."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-16T00:16:48.949Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        },
        {
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA recommends users take the following action:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\"\u003eAVEVA Process Optimization v2025\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\nFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA recommends users take the following action:\n\n\n\n  *  Update to  AVEVA Process Optimization v2025 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea \n\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "source": {
        "advisory": "ICSA-26-015-01",
        "discovery": "EXTERNAL"
      },
      "title": "AVEVA Process Optimization Cleartext Transmission of Sensitive Information",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA alternatively recommends the following actions users can take to mitigate risk:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\u003c/li\u003e\n\u003cli\u003eApply ACLs to the installation and data folders, limiting write-access to trusted users only.\u003c/li\u003e\n\u003cli\u003eMaintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA alternatively recommends the following actions users can take to mitigate risk:\n\n\n\n  *  Apply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\n\n  *  Apply ACLs to the installation and data folders, limiting write-access to trusted users only.\n\n  *  Maintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-64769",
    "datePublished": "2026-01-16T00:16:48.949Z",
    "dateReserved": "2025-11-24T18:22:00.813Z",
    "dateUpdated": "2026-01-16T14:52:30.496Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-65117 (GCVE-0-2025-65117)

Vulnerability from cvelistv5 – Published: 2026-01-16 00:14 – Updated: 2026-01-16 14:53

Title

AVEVA Process Optimization Use of Potentially Dangerous Function

Summary

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

8.5 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H

CWE

CWE-676

Assigner

icscert

References

URL

Tags

	https://www.aveva.com/en/support-and-success/cybe…
	https://softwaresupportsp.aveva.com/en-US/downloa…
	https://www.cisa.gov/news-events/ics-advisories/i…
	https://github.com/cisagov/CSAF/blob/develop/csaf…

Impacted products

	Vendor	Product	Version
	AVEVA	Process Optimization	Affected: 0 , ≤ 2024.1 (custom)

Credits

Christopher Wu of Veracode reported these vulnerabilities to AVEVA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-65117",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T14:53:07.205216Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T14:53:13.050Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Process Optimization",
          "vendor": "AVEVA",
          "versions": [
            {
              "lessThanOrEqual": "2024.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Christopher Wu of Veracode reported these vulnerabilities to AVEVA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(Process Optimization Designer User) to embed OLE objects into graphics,\n and escalate their privileges to the identity of a victim user who \nsubsequently interacts with the graphical elements."
            }
          ],
          "value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(Process Optimization Designer User) to embed OLE objects into graphics,\n and escalate their privileges to the identity of a victim user who \nsubsequently interacts with the graphical elements."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-676",
              "description": "CWE-676",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-16T00:14:27.567Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        },
        {
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA recommends users take the following action:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\"\u003eAVEVA Process Optimization v2025\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\nFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA recommends users take the following action:\n\n\n\n  *  Update to  AVEVA Process Optimization v2025 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea \n\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "source": {
        "advisory": "ICSA-26-015-01",
        "discovery": "EXTERNAL"
      },
      "title": "AVEVA Process Optimization Use of Potentially Dangerous Function",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA alternatively recommends the following actions users can take to mitigate risk:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\u003c/li\u003e\n\u003cli\u003eApply ACLs to the installation and data folders, limiting write-access to trusted users only.\u003c/li\u003e\n\u003cli\u003eMaintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA alternatively recommends the following actions users can take to mitigate risk:\n\n\n\n  *  Apply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\n\n  *  Apply ACLs to the installation and data folders, limiting write-access to trusted users only.\n\n  *  Maintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-65117",
    "datePublished": "2026-01-16T00:14:27.567Z",
    "dateReserved": "2025-11-24T18:22:00.806Z",
    "dateUpdated": "2026-01-16T14:53:13.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64729 (GCVE-0-2025-64729)

Vulnerability from cvelistv5 – Published: 2026-01-16 00:12 – Updated: 2026-01-16 14:53

Title

AVEVA Process Optimization Missing Authorization

Summary

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

8.6 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H

CWE

CWE-862

Assigner

icscert

References

URL

Tags

	https://www.aveva.com/en/support-and-success/cybe…
	https://softwaresupportsp.aveva.com/en-US/downloa…
	https://www.cisa.gov/news-events/ics-advisories/i…
	https://github.com/cisagov/CSAF/blob/develop/csaf…

Impacted products

	Vendor	Product	Version
	AVEVA	Process Optimization	Affected: 0 , ≤ 2024.1 (custom)

Credits

Christopher Wu of Veracode reported these vulnerabilities to AVEVA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64729",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T14:53:36.738653Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T14:53:45.166Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Process Optimization",
          "vendor": "AVEVA",
          "versions": [
            {
              "lessThanOrEqual": "2024.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Christopher Wu of Veracode reported these vulnerabilities to AVEVA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(OS Standard User) to tamper with Process Optimization project files, \nembed code, and escalate their privileges to the identity of a victim \nuser who subsequently interacts with the project files."
            }
          ],
          "value": "The vulnerability, if exploited, could allow an authenticated miscreant \n(OS Standard User) to tamper with Process Optimization project files, \nembed code, and escalate their privileges to the identity of a victim \nuser who subsequently interacts with the project files."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-16T00:12:45.798Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
        },
        {
          "url": "https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA recommends users take the following action:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea\"\u003eAVEVA Process Optimization v2025\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\nFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA recommends users take the following action:\n\n\n\n  *  Update to  AVEVA Process Optimization v2025 https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea \n\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "source": {
        "advisory": "ICSA-26-015-01",
        "discovery": "EXTERNAL"
      },
      "title": "AVEVA Process Optimization Missing Authorization",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAVEVA alternatively recommends the following actions users can take to mitigate risk:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eApply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\u003c/li\u003e\n\u003cli\u003eApply ACLs to the installation and data folders, limiting write-access to trusted users only.\u003c/li\u003e\n\u003cli\u003eMaintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \nAVEVA\u0027s security bulletin \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\"\u003eAVEVA-2026-001\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "AVEVA alternatively recommends the following actions users can take to mitigate risk:\n\n\n\n  *  Apply host and/or network firewall rules restricting the taoimr \nservice to accept traffic only from trusted source(s). By default, AVEVA\n Process Optimization listens on port 8888/8889(TLS). Please refer to \nthe AVEVA Process Optimization Installation Guide for additional details\n on ports configuration.\n\n  *  Apply ACLs to the installation and data folders, limiting write-access to trusted users only.\n\n  *  Maintain a trusted chain-of-custody on Process Optimization project \nfiles during creation, modification, distribution, backups, and use.\n\n\n\n\nFor more information, please \nAVEVA\u0027s security bulletin  AVEVA-2026-001 https://www.aveva.com/en/support-and-success/cyber-security-updates/ ."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-64729",
    "datePublished": "2026-01-16T00:12:45.798Z",
    "dateReserved": "2025-11-24T18:22:00.798Z",
    "dateUpdated": "2026-01-16T14:53:45.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

ICSA-26-015-01

CVE-2025-65118 (GCVE-0-2025-65118)

CVE-2025-64691 (GCVE-0-2025-64691)

CVE-2025-61937 (GCVE-0-2025-61937)

CVE-2025-61943 (GCVE-0-2025-61943)

CVE-2025-64769 (GCVE-0-2025-64769)

CVE-2025-65117 (GCVE-0-2025-65117)

CVE-2025-64729 (GCVE-0-2025-64729)

Tags

Sightings

Nomenclature