CVE-2020-26867
published 2020-10-12CVE-2020-26867: ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute…
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.57%
87.9th percentile
ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arc_informatique | pcvue | unspecified – 12.0.17 | — |
| pcvuesolutions | pcvue | >= 8.10 < 12.0.17 | 12.0.17 |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerable component is the web and mobile back-end server of PcVue. Monitor for unexpected deserialization activity targeting this service. ↗
- →The back-end service listens on a configurable port with a default of 8090. Monitor for unauthorized inbound connections on this port, especially connections not originating from the IIS Web Server process. ↗
- →Harden firewall rules so that connections to the back-end port (default 8090) are permitted only when initiated by the IIS Web Server process; any other source connecting to this port should be treated as suspicious. ↗
- ·The vulnerable back-end listening port defaults to 8090 but is configurable per-deployment via the Application Explorer. Verify the actual port in use on each system before writing port-based detection rules. ↗
- ·Affected versions span PcVue 8.10 through versions prior to 12.0.17; scope detection and patching efforts accordingly across this wide version range. ↗
- ·CVE-2020-26868 (CWE-767) also affects third-party systems based on the Web Services Toolkit, broadening the potential attack surface beyond PcVue itself. ↗
- ·No known public exploits specifically target these vulnerabilities at the time of advisory publication. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7x49-vpw9-2vmr: A Remote Code Execution vulnerability exists in PcVue from version 8
ghsa_unreviewed·2022-05-24
CVE-2020-26867 [CRITICAL] CWE-502 GHSA-7x49-vpw9-2vmr: A Remote Code Execution vulnerability exists in PcVue from version 8
A Remote Code Execution vulnerability exists in PcVue from version 8.10 onward, due to the unsafe deserialization of messages received on the interface.
CISA ICS
ARC Informatique PcVue (Update A)
cisa_ics·2020-11-03·CVSS 9.8
[CRITICAL] ARC Informatique PcVue (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
ARC Informatique PcVue (Update A)
Last RevisedJanuary 05, 2021
Alert CodeICSA-20-308-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: ARC Informatique
- Equipment: PcVue
- Vulnerabilities: Deserialization of Untrusted Data, Access to Critical Private Variable via Public Method, Information Exposure of Sensitive Information to an Unauthorized Actor
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-308-03 ARC Informatique PcVue that was published November 3, 202
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-015-remote-code-execution-in-arc-informatique-pcvue/https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03https://www.pcvuesolutions.com/securityhttps://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-015-remote-code-execution-in-arc-informatique-pcvue/https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03https://www.pcvuesolutions.com/securityhttps://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1
2020-10-12
Published