Description

The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the  model application server.

Related CPE's

a

aveva

process_optimization

Vulnerable

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json

Third Party Advisory

https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea

Permissions Required

https://www.aveva.com/en/support-and-success/cyber-security-updates/

Vendor Advisory

https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

Third Party AdvisoryUS Government Resource

Weaknesses

[email protected]

Primary
CWE-94

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-16T02:16:42.833Z

1 month ago

Last modified

2026-01-22T15:20:43.010Z

4 weeks ago