CVE-2020-26868
Published 2020-10-12
Priority P3 · 39 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.11% (79.4th percentile)
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arc_informatique | pcvue | unspecified – 12.0.17 | — |
| pcvuesolutions | pcvue | >= 8.10 < 12.0.17 | 12.0.17 |
CVSS provenance
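| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |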
GHSA
GHSA-hmv8-293h-5vrj: A Denial Of Service vulnerability exists in PcVue from version 8
ghsa_unreviewed·2022-05-24
CVE-2020-26868 [HIGH] CWE-668 GHSA-hmv8-293h-5vrj: A Denial Of Service vulnerability exists in PcVue from version 8
A Denial Of Service vulnerability exists in PcVue from version 8.10 onward, due to the ability for a non-authorized user to modify information used to validate messages sent by legitimate web clients.
CISA ICS
ARC Informatique PcVue (Update A)
cisa_ics·2020-11-03·CVSS 9.8
[CRITICAL] ARC Informatique PcVue (Update A)
ICS Advisory
## ARC Informatique PcVue (Update A)
Last Revised: January 05, 2021
Alert Code: ICSA-20-308-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: ARC Informatique
- Equipment: PcVue
- Vulnerabilities: Deserialization of Untrusted Data, Access to Critical Private Variable via Public Method, Information Exposure of Sensitive Information to an Unauthorized Actor
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-308-03 ARC Informatique PcVue that was published November 3, 202
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-016-denial-of-service-in-arc-informatique-pcvue/
- https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03
- https://www.pcvuesolutions.com/security
- https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1