Description
ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.
References (4)
Core 4
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-20-308-03
Vendor Advisory x_refsource_confirm
https://www.pcvuesolutions.com/security
Broken Link x_refsource_confirm
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2020/10/09/klcert-20-015-remote-code-execution-in-arc-informatique-pcvue/
Permissions Required, Vendor Advisory x_refsource_confirm
https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1076-security-bulletin-2020-1
Scores
CVSS v3
9.8
EPSS
0.0357
EPSS Percentile
87.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (1)
pcvuesolutions/pcvue
8.10 - 12.0.17
Published
Oct 12, 2020
Tracked Since
Feb 18, 2026