Description

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.

Related CPE's

a

aveva

process_optimization

Vulnerable

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json

Third Party Advisory

https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea

Permissions Required

https://www.aveva.com/en/support-and-success/cyber-security-updates/

Vendor Advisory

https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01

Third Party AdvisoryUS Government Resource

Weaknesses

[email protected]

Primary
CWE-427

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-16T02:16:46.003Z

1 month ago

Last modified

2026-01-22T15:13:00.017Z

4 weeks ago