Arcinfo Pcvue vulnerabilities
16 known vulnerabilities affecting arcinfo/pcvue.
Total CVEs: 16
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 10, LOW 2
Vulnerabilities
CVE-2011-4042 | P3 | CRITICAL | CVSS 9.3 | PoC | v6.0, v8.2, +2 more | 2012-04-03
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.
nvd
CVE-2011-4043 | P3 | CRITICAL | CVSS 9.3 | CWE-189 | PoC | v6.0, v8.2, +2 more | 2012-04-03
Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow.
nvd
CVE-2011-4044 | P3 | MEDIUM | CVSS 5.8 | PoC | v6.0, v8.2, +2 more | 2012-04-03
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.
nvd
CVE-2026-1693 | P3 | HIGH | CVSS 7.5 | CWE-477 | ≥ 16.0.0, ≤ 16.3.3; ≥ 15.0.0, ≤ 15.2.13; +1 more | 2026-02-26
The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user credentials.
nvd
CVE-2011-4045 | P4 | MEDIUM | CVSS 4.3 | CWE-119 | PoC | v6.0, v8.2, +2 more | 2012-04-03
Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document.
nvd
CVE-2025-9999 | P3 | HIGH | CVSS 7.6 | CWE-940 | ≥ 16.0.0, ≤ 16.3.3; ≥ 15.0.0, ≤ 15.2.12; +1 more | 2025-09-05
Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in the application.
nvd
CVE-2026-1697 | P4 | MEDIUM | CVSS 6.5 | CWE-614 | ≥ 16.0.0, ≤ 16.3.3; ≥ 15.0.0, ≤ 15.2.13; +1 more | 2026-02-26
The Secure and SameSite attributes are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.
nvd
CVE-2026-1698 | P4 | MEDIUM | CVSS 6.1 | CWE-644 | ≥ 16.0.0, ≤ 16.3.3; ≥ 15.0.0, ≤ 15.2.13 | 2026-02-26
An HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior.
This vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback an
nvd
CVE-2026-1695 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 16.0.0, ≤ 16.3.3; ≥ 15.0.0, ≤ 15.2.13; +1 more | 2026-02-26
An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user authentication on an unknown application (unknown client_id).
nvd
CVE-2026-1696 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 16.0.0, ≤ 16.3.3; ≥ 15.0.0, ≤ 15.2.13; +1 more | 2026-02-26
Some HTTP security headers are not properly set by the web server when sending responses to the client application.
nvd
CVE-2026-1692 | P4 | MEDIUM | CVSS 6.1 | CWE-1385 | ≥ 16.0.0, ≤ 16.3.3; ≥ 15.0.0, ≤ 15.2.13; +1 more | 2026-02-26
A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website.
This vulnerability only affects the follow
nvd
CVE-2025-9998 | P4 | MEDIUM | CVSS 6.0 | CWE-754 | ≥ 16.0.0, ≤ 16.3.3; ≥ 15.0.0, ≤ 15.2.12; +1 more | 2025-09-05
The sequence of packets received by a Networking server is not correctly checked.
An attacker could exploit this vulnerability to send specially crafted messages to force the application to stop.
nvd
CVE-2025-4384 | P4 | MEDIUM | CVSS 6.0 | CWE-298 | ≥ 16.0, < 16.2.5; ≥ 15.0, < 15.2.12 | 2025-05-06
The MQTT add-on of PcVue fails to verify that a remote device’s certificate has not already expired or has not yet become valid. This allows malicious devices to present certificates that are not rejected properly.
The use of a client certificate reduces the risk for random devices to take advantage of this flaw.
nvd
CVE-2026-1694 | P4 | MEDIUM | CVSS 4.3 | CWE-201 | ≥ 16.0.0, ≤ 16.3.3; ≥ 15.0.0, ≤ 15.2.13; +1 more | 2026-02-26
HTTP headers are added by the default configuration of IIS and ASP.NET, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information about the server configuration.
nvd
CVE-2024-12056 | P4 | LOW | CVSS 2.3 | CWE-358 | ≥ 12.0, < 16.2.2 | 2024-12-04
The Client secret is not checked when using the OAuth Password grant type.
By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment.
Exploitation requires valid credentials and does not permit the attacker to bypass user privileges.
nvd
CVE-2024-12057 | P4 | LOW | CVSS 1.8 | CWE-532 | ≥ 16.0.0, < 16.2.4; ≥ 15.0.0, < 15.2.11 | 2024-12-09
User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end.
By exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability coul
nvd