6.1
CVE-2026-1692
- EPSS 0.11%
- Veröffentlicht 26.02.2026 07:55:18
- Zuletzt bearbeitet 12.03.2026 14:20:44
- Quelle 87c8e6ad-f0f5-4ca8-89e2-89f26d
- CVE-Watchlists
- Unerledigt
Missing origin validation in GraphicalData web service requests
A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website. This vulnerability only affects the following two endpoints: GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arcinformatique ≫ Pcvue Version >= 12.0.0 <= 15.2.13
Arcinformatique ≫ Pcvue Version >= 16.0.0 < 16.3.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.016 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| 87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932 | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Clear
|
CWE-1385 Missing Origin Validation in WebSockets
The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid.
https://www.pcvue.com/security/#SB2026-2