Arcinformatique

Pcvue

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2026-1698

  • EPSS 0.05%
  • Veröffentlicht 26.02.2026 07:58:00
  • Zuletzt bearbeitet 12.03.2026 14:30:52

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerabilit...

6.5

CVE-2026-1697

  • EPSS 0.02%
  • Veröffentlicht 26.02.2026 07:57:46
  • Zuletzt bearbeitet 12.03.2026 14:27:33

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.

6.1

CVE-2026-1696

  • EPSS 0.04%
  • Veröffentlicht 26.02.2026 07:57:29
  • Zuletzt bearbeitet 12.03.2026 14:26:15

Some HTTP security headers are not properly set by the web server when sending responses to the client application.

6.1

CVE-2026-1695

  • EPSS 0.05%
  • Veröffentlicht 26.02.2026 07:57:11
  • Zuletzt bearbeitet 12.03.2026 13:50:53

An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content f...

4.3

CVE-2026-1694

  • EPSS 0.03%
  • Veröffentlicht 26.02.2026 07:56:57
  • Zuletzt bearbeitet 12.03.2026 14:25:17

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included....

7.5

CVE-2026-1693

  • EPSS 0.06%
  • Veröffentlicht 26.02.2026 07:56:10
  • Zuletzt bearbeitet 12.03.2026 14:23:22

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It mig...

6.1

CVE-2026-1692

  • EPSS 0.02%
  • Veröffentlicht 26.02.2026 07:55:18
  • Zuletzt bearbeitet 12.03.2026 14:20:44

A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lur...

6.5

CVE-2022-4311

  • EPSS 0.36%
  • Veröffentlicht 12.12.2022 18:15:13
  • Zuletzt bearbeitet 21.11.2024 07:35:00

An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which cou...

5.5

CVE-2022-4312

  • EPSS 0.05%
  • Veröffentlicht 12.12.2022 18:15:13
  • Zuletzt bearbeitet 21.11.2024 07:35:00

A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the assoc...

5.5

CVE-2022-2569

  • EPSS 0.05%
  • Veröffentlicht 24.08.2022 16:15:11
  • Zuletzt bearbeitet 21.11.2024 07:01:16

The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users