Primary

Context

PcVue OAuth Improper Security Check Vulnerability in Web Services

Vulnerability

Patched

A vulnerability exists in the OAuth Resource Owner Password Credentials (ROPC) flow, which is still utilized by the web services for WebVue, WebScheduler, TouchVue, and Snapvue features in PcVue versions 12.0.0 to 16.3.3. This vulnerability arises from the continued use of a deprecated OAuth flow, potentially allowing remote attackers to steal user credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized credential theft, allowing attackers to impersonate users.

Remediation

Users can upgrade to PcVue version 16.3.4 or 15.2.14 to address this vulnerability.

Added: Feb 26, 2026, 10:39 AM

Updated: Feb 26, 2026, 10:39 AM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

5.6

remediation

7.7

relevance

3.2

threat

0.0

urgency

0.0

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

5.6

remediation

7.7

relevance

3.2

threat

0.0

urgency

0.0

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PcVue OAuth Improper Security Check Vulnerability in Web Services

Vulnerability

Impact

Remediation

Affected Products

PcVue

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating