CVE-2025-64691
AVEVA Process Optimization Code Injection
The vulnerability, if exploited, could allow an authenticated miscreant
(OS standard user) to tamper with TCL Macro scripts and escalate
privileges to OS system, potentially resulting in complete compromise of
the model application server.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Productos afectados
AVEVA · Process Optimization¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.jsonhttps://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68eahttps://www.aveva.com/en/support-and-success/cyber-security-updates/https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01