cbcvebase.
CVE-2020-26867
published 2020-10-12


Priority: P266 | critical | 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.57% (87.9th percentile)
ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arc_informatique | pcvue | unspecified – 12.0.17 | |
| pcvuesolutions | pcvue | >= 8.10 < 12.0.17 | 12.0.17 |

Detection & IOCs (extracted from sources)

  • The vulnerable component is the web and mobile back-end server of PcVue. Monitor for unexpected deserialization activity targeting this service.
  • The back-end service listens on a configurable port with a default of 8090. Monitor for unauthorized inbound connections on this port, especially connections not originating from the IIS Web Server process.
  • Harden firewall rules so that connections to the back-end port (default 8090) are permitted only when initiated by the IIS Web Server process; any other source connecting to this port should be treated as suspicious.
  • The vulnerable back-end listening port defaults to 8090 but is configurable per-deployment via the Application Explorer. Verify the actual port in use on each system before writing port-based detection rules.
  • Affected versions span PcVue 8.10 through versions prior to 12.0.17; scope detection and patching efforts accordingly across this wide version range.
  • CVE-2020-26868 (CWE-767) also affects third-party systems based on the Web Services Toolkit, broadening the potential attack surface beyond PcVue itself.
  • No known public exploits specifically target these vulnerabilities at the time of advisory publication.

CVSS provenance

nvd | v3.1 | 9.8 CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P