CVE-2020-26867

CRITICAL

ARC Informatique PcVue <12.0.17 - Code Injection

Title source: llm

Description

ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.

References (4)

[Broken Link] https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-015-remote-code-execution-in-arc-informatique-pcvue/

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03

[Vendor Advisory] https://www.pcvuesolutions.com/security

[Permissions Required, Vendor Advisory] https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1

Scores

CVSS v3 9.8

EPSS 0.0323

EPSS Percentile 86.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

pcvuesolutions/pcvue < 12.0.17

Timeline

Published Oct 12, 2020

Tracked Since Feb 18, 2026