GCVE - cpe:2.3:a:aveva:process_optimization:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:aveva:process_optimization:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Aveva (`419325dd-398d-5d8e-98c9-e41c800a541d`)
Product	Process Optimization (`4207f5bd-1726-515f-8b6e-c7a923dad976`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-65118`	vulnerable	2026-06-03 15:09:40.247767	AVEVA Process Optimization Uncontrolled Search Path Element HIGH (8.8) The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server. Published: 2026-01-16T00:11:12.560Z Updated: 2026-01-16T15:39:37.345Z Open on db.gcve.eu Reference links https://www.aveva.com/en/support-and-success/cyber-security-updates/ https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-65117`	vulnerable	2026-06-03 15:09:40.247374	AVEVA Process Optimization Use of Potentially Dangerous Function HIGH (7.4) The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements. Published: 2026-01-16T00:14:27.567Z Updated: 2026-01-16T14:53:13.050Z Open on db.gcve.eu Reference links https://www.aveva.com/en/support-and-success/cyber-security-updates/ https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-64769`	vulnerable	2026-06-03 15:09:39.784392	AVEVA Process Optimization Cleartext Transmission of Sensitive Information HIGH (7.1) The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios. Published: 2026-01-16T00:16:48.949Z Updated: 2026-01-16T14:52:30.496Z Open on db.gcve.eu Reference links https://www.aveva.com/en/support-and-success/cyber-security-updates/ https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-64729`	vulnerable	2026-06-03 15:09:39.716965	AVEVA Process Optimization Missing Authorization HIGH (8.1) The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files. Published: 2026-01-16T00:12:45.798Z Updated: 2026-01-16T14:53:45.166Z Open on db.gcve.eu Reference links https://www.aveva.com/en/support-and-success/cyber-security-updates/ https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-64691`	vulnerable	2026-06-03 15:09:39.668267	AVEVA Process Optimization Code Injection HIGH (8.8) The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server. Published: 2026-01-16T00:06:56.554Z Updated: 2026-01-16T15:12:10.618Z Open on db.gcve.eu Reference links https://www.aveva.com/en/support-and-success/cyber-security-updates/ https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-61943`	vulnerable	2026-06-03 15:07:57.482278	AVEVA Process Optimization SQL Injection HIGH (8.4) The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server. Published: 2026-01-16T00:09:18.629Z Updated: 2026-01-16T15:06:06.845Z Open on db.gcve.eu Reference links https://www.aveva.com/en/support-and-success/cyber-security-updates/ https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-61937`	vulnerable	2026-06-03 15:07:57.468423	AVEVA Process Optimization Code Injection CRITICAL (10) The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server. Published: 2026-01-16T00:04:37.128Z Updated: 2026-01-16T15:10:11.404Z Open on db.gcve.eu Reference links https://www.aveva.com/en/support-and-success/cyber-security-updates/ https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.