Description
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.
References (4)
Core 4
Core References
Third Party Advisory
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-015-01.json
Permissions Required
https://softwaresupportsp.aveva.com/en-US/downloads/products/details/a643eaa3-0d85-4fde-ac11-5239e87a68ea
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01
Scores
CVSS v3
8.4
EPSS
0.0001
EPSS Percentile
1.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (1)
aveva/process_optimization
< 2025
Published
Jan 16, 2026
Tracked Since
Feb 18, 2026