Описание
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-65117
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json
- https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea
- https://www.aveva.com/en/support-and-success/cyber-security-updates
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01
Связанные уязвимости
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.
Уязвимость программного обеспечения для онлайн-моделирования и оптимизации процессов AVEVA Process Optimization, связанная с использованием потенциально опасных функций, позволяющая нарушителю повысить свои привилегии