CNNVD-202601-2844 Information
CNNVD ID
CNNVD-202601-2844
Related CVE
- CNNVD Published: 2026-01-16
Description (Chinese)
AVEVA Process Optimization是英国AVEVA公司的一个实时过程优化软件。 AVEVA Process Optimization存在代码注入漏洞,该漏洞源于经过身份验证的攻击者可能篡改TCL宏脚本,可能导致权限提升和模型应用服务器被完全破解。
Description (English)
AVEVA Production Optimization is a real-time process optimization software for AVEVA. AVEVA Access Optimization has a code-enveloping loophole, which stems from the possibility that the identified assailants may tamper with the TCL macro script, which may lead to the complete breakdown of the rights enhancement and model application server.
Hazard Level
Medium
Vulnerability Type
代码注入
Affected Vendor
剑维软件
Published
2026-01-16
Last Modified
2026-02-24
References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea https://www.aveva.com/en/support-and-success/cyber-security-updates/ https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01
Patch
https://www.aveva.com/en/support-and-success/cyber-security-updates/
Share on: