Description

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.

Related CPE's

a

aveva

process_optimization

Vulnerable

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json

Third Party Advisory

https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea

Permissions Required

https://www.aveva.com/en/support-and-success/cyber-security-updates/

Vendor Advisory

https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

Third Party AdvisoryUS Government Resource

Weaknesses

[email protected]

Primary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

8.4 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-16T02:16:45.093Z

1 month ago

Last modified

2026-01-22T15:19:41.990Z

4 weeks ago