CVE-2026-5387

CRITICAL

AVEVA Pipeline Simulation Missing Authorization

Title source: cna

Description

The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records.

References (4)

Scores

CVSS v4 9.3
EPSS 0.0005
EPSS Percentile 17.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Details

CWE
CWE-862
Status published
Products (1)
AVEVA/Pipeline Simulation 2025 < 2025 SP1 (build 7.1.9497.6351)
Published Apr 15, 2026
Tracked Since Apr 15, 2026