CVE-2020-26867

moderate-risk
Published 2020-10-12

ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.

Do I need to act?

~
3.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Pcvue

Affected Vendors

Pcvuesolutions

References (10)

Broken Link https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20...
Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03
Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03
Vendor Advisory https://www.pcvuesolutions.com/security
Permissions Required https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-secur...
Broken Link https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20...
Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03
Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03
Vendor Advisory https://www.pcvuesolutions.com/security
Permissions Required https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-secur...
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal