AVEVA Process Optimization Privilege Escalation Vulnerability

Vulnerability

A vulnerability has been identified in AVEVA Process Optimization (formerly ROMeo) versions through 2024.1 that allows an authenticated user with Process Optimization Designer privileges to embed OLE objects into graphics. When a victim user interacts with the modified graphical elements, the attacker could assume that user's identity, resulting in unauthorized privilege escalation.

Impact

Exploitation of this vulnerability could enable an authenticated user to escalate privileges, potentially leading to unauthorized access or actions within the application.

Remediation

Users are advised to update to AVEVA Process Optimization version 2024.2 or later, where this vulnerability has been addressed.

Added: Jan 16, 2026, 2:19 AM
Updated: Jan 16, 2026, 2:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 2.6
remediation: 0.0
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.