7.5
CVE-2026-1693
- EPSS 0.31%
- Veröffentlicht 26.02.2026 07:56:10
- Zuletzt bearbeitet 12.03.2026 14:23:22
- Quelle 87c8e6ad-f0f5-4ca8-89e2-89f26d
- CVE-Watchlists
- Unerledigt
Use of vulnerable Resource Owner Password Credentials flow
The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user credentials.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arcinformatique ≫ Pcvue Version >= 12.0.0 <= 15.2.13
Arcinformatique ≫ Pcvue Version >= 16.0.0 < 16.3.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.229 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932 | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Clear
|
CWE-1390 Weak Authentication
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
CWE-477 Use of Obsolete Function
The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.
https://www.pcvue.com/security/#SB2026-2