AVEVA Process Optimization Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in AVEVA Process Optimization, affecting all versions prior to 2024.1. This vulnerability allows an unauthenticated attacker to execute code with OS system privileges under the 'taoimr' service, potentially leading to a complete compromise of the model application server.

Impact

Exploitation of this vulnerability could result in unauthorized remote code execution with system privileges on the affected server.

Remediation

Users are advised to update to AVEVA Process Optimization version 2024.1 or later. For detailed update instructions, refer to the AVEVA Security Bulletin AVEVA-2026-001.

Added: Jan 16, 2026, 2:22 AM
Updated: Jan 16, 2026, 2:22 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.4
remediation: 0.0
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.