8.6

CVE-2025-64729

AVEVA Process Optimization Missing Authorization

The vulnerability, if exploited, could allow an authenticated miscreant 
(OS Standard User) to tamper with Process Optimization project files, 
embed code, and escalate their privileges to the identity of a victim 
user who subsequently interacts with the project files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AvevaProcess Optimization Version < 2025
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.067
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.2 1.5 6
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
ics-cert@hq.dhs.gov 8.6 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ics-cert@hq.dhs.gov 8.1 1.5 6
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.aveva.com/en/support-and-success/cyber-security-updates/
Vendor Advisory
https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea
Permissions Required
https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01
Third Party Advisory
US Government Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json
Third Party Advisory